WoodWing Group has committed to implementing and maintaining an Information Security Management System, in accordance with the requirements of ISO 27001:2013.
We are committed to respecting the privacy of all our customers, developing software with security by design and by default, protecting any customer data from outside parties, and ensuring that their requirements are met, unless otherwise required by law.
To this end, Management is committed to maintaining a secure environment in which to control and process confidential information. We are also committed to the overall continual improvement of the Information Security Management System, including Management setting and reviewing security objectives.
All of the components of this ISMS are periodically and systematically reviewed by both internal and external audit procedures and parties.
A full-time security officer has been appointed to be responsible for the control of all matters relating to the implementation, control and continuing audit of these procedures.
The implementation and continuing control of the ISO 27001:2013 standard are fundamental to all work undertaken by the WoodWing Group. The information security policy is communicated, understood and applied within the organization and is available to relevant interested parties, as appropriate.
We have adopted the process approach for developing, implementing and improving the effectiveness of our ISMS and we are committed to:
- Understanding business information security requirements and the need to establish policy and objectives for information security
- Implementing and operating controls in the context of managing the Group’s overall business risk
- Monitoring and reviewing the performance and effectiveness of the ISMS
- Continual improvement based on objective measures
- Carrying out annual external pentests on all software provided to customers. This year's pentests have been carried out without any major nonconformities.
- Communicating throughout the Group the importance of meeting all relevant statutory and regulatory requirements specifically related to its business activities
- Ensuring that adequate resources are determined and provided to monitor and maintain the ISMS.
We firmly believe that certification to ISO 27001:2013 is essential in our commitment to ensuring information security, customer satisfaction, continued growth and improvement of our company.
The Group will monitor the effectiveness of this policy and its general compliance within the organization.
Ross Paterson, CEO
Peter van Det, CISSP
Corporate Information Security Officer (CISO)
WoodWing Group members: WoodWing, Expansion, and Scienta