yasoon’s ISO 27001 compliance with Vanta

As an Atlassian Platinum Marketplace partner, ensuring the security of our app is paramount.

One effective way to demonstrate your commitment to security is through certifications. Certifications involve the audit of your security practices, policies, and operations by external professionals. These certifications come in different standards, with ISO 27001 and SOC2 being the most common ones. While ISO 27001 is internationally accepted, SOC2 is popular in North America, more domain specific ones like FedAMP or HIPAA exist as well.

The importance of certification

Since April 2023, yasoon is ISO 27001 compliant. Adherence to standards helps build trust and quickly gain approval from security teams. This is particularly important when dealing with a customer base that values certifications, such as in Germany. In our experience, ISO 27001 is widely recognized internationally, making it a valuable certification for us to pursue.

Why did we choose Vanta for yasoon’s certification?

Vanta is a mature SaaS that helps you automate most of the work required to obtain ISO 27001. It has a stellar reputation and extensive experience in the industry. It is a popular choice among developers due to its strong presence on GitHub (aka “It has the most stars on Github”). It offers seamless integration with major platforms such as M365, AzureAD, GitHub, and AWS. This alignment allows for efficient monitoring and streamlines the certification process.

Once you have obtained one certification, such as ISO 27001 or SOC2, Vanta offers discounted rates to extend your compliance to other standards like GDPR. This helps you address multiple compliance requirements simultaneously. Not a day went by where we did not think “Wow, this is actually worth the money”. We’d have no certification, if not for Vanta.

Infrastructure improvements

AWS CloudWatch logs and alerts provide better visibility into your infrastructure’s security posture, enabling timely responses to potential threats. With code scanning in pull requests and advanced repository policies, GitHub enhances code security throughout your development process. By enrolling employee hardware and implementing security and configuration policies, Microsoft Intune (MDM) ensures improved security, automated updates, and streamlined management.

Benefits of MDM

Automatic and timely security updates, including patches for software like Outlook, minimize vulnerabilities. No need to nag employees about installing security updates or setting up things manually. MDM notifies you of critical events such as phishing link clicks, helping you proactively respond to potential threats.

Wow, MDM is super useful 😛 You shouldn’t be able to access that 😱 We should probably retire this old EC2 instance 💣

– us, realizing a certification is *actually* useful

Overall benefits of certifications

Certifications drive better quality, security, and overall security posture in your organization. They promote regular backups, access reviews, and other essential security measures. By obtaining certifications, you can sleep soundly, knowing that your organization has fewer blind spots and is better prepared to tackle security challenges.

After all, pursuing certifications is a time and money investment, but the benefits they offer for your company are significant. Certifications demonstrate your commitment to security, build trust with customers, and enhance your operational efficiency. Consider the needs of your business and evaluate whether ISO 27001 or SOC2 certification is more suitable for your specific audience.

As we made a lot of progress with ISO 27001, SOC2 is next on our roadmap. A good certification process is addicting 🤓 And this is how our shiny new trust page with all cumulated security information looks like: