Tresorit receives ISO 27001:2022 certificate

At Tresorit, our mission is to empower professionals in all organizations to have a secure and easy way to collaborate with their sensitive and confidential information. We aim to enable businesses to focus on the tasks that truly matter while safeguarding their data in the cloud.

In line with this objective, Tresorit consistently prioritizes compliance with applicable laws, as well as industry-standard best practices, to guarantee the best level of security for our customers.

As evidence of this commitment, we have implemented actions based on the ISO/IEC 27001:2013 ‘Information security management systems’ standard. Tresorit obtained this certification in May 2018 and has diligently maintained its validity through ongoing efforts. A new version of the ISO 27001 standard was released on 31 October 2022. Tresorit’s management decided to pursue a new certification at the earliest opportunity, prompting the start of preparations in early 2023.

Throughout the year, teams responsible for information security, led by the Governance, Privacy, Risk and Compliance (GPRC) Team, joined forces to implement all the necessary changes. The recertification audit took place in February 2024, based on the renewed ISO/IEC 27001:2022 standard, and it was concluded with a successful result.

All Tresorit entities’ security compliance was validated by an independent audit firm, a member of the internationally trusted TÜV Rheinland Group. After a rigorous process of demonstrating an ongoing and systematic approach to managing and protecting company and customer data securely, we got certified. Being a company with security at our heart, this milestone is very important for us. Please find our new certification here.

What is ISO 27001?

ISO 27001 is one of the most widely recognized and internationally accepted information security standards. It’s one of the few standards that uses a top-down, risk-based approach to evaluation. It identifies requirements and specifications for a comprehensive Information Security Management System (ISMS) defining how an organization should manage and treat information more securely, including applicable security controls.

What modifications have been made in the 2022 iteration of the standard?

In the 2022 version, there have been minor adjustments to align with the latest updates of ISO’s High Level Structure (HLS). These changes help align ISO 27001 with other ISO management standards.

The most significant changes are in Annex A, which contains the security controls that can be implemented to address the information security risks identified by the organization. The number of controls has been reduced from 114 to 93, and they are now organized into four themes (organizational, people, physical, technical), instead of the previous 14 sections.

The benefits of an ISO/IEC 27001 management system and certification have not changed; however, the new version helps companies better understand how to manage and mitigate new risks and threats in a business context.

What did we have to do to get the certification?

As a first step, we had to get commitment from our top management to ensure success. We then identified internal and external issues and stakeholders to ensure all expectations are considered for the scope of the ISMS. Following this, we established risk management and had to assess and treat risks. Based on the output, appropriate organizational policy and/or technical controls had to be set up. Finally, we performed an internal audit and carried out a management review. Once everything was in order, we had to find an appropriate certification body that fitted our business profile to carry out the audit.

What is the scope of our ISMS?

Our ISMS covers sales, development, maintenance and support of our end-to-end encrypted cloud services.

Why is it important for our customers?

This certification is additional proof of our commitment to information security. It plays a crucial role in assuring our customers that we take all necessary steps to keep their data in the cloud safe, secure, and accessible.

How will this impact our customers?

The services we provide to our customers will not be impacted. This certification is a security credential for your reference.