Fortanix Receives ISO 27001 Certification

Fortanix® Inc., the multi-cloud data security company and the pioneer of Confidential Computing, today announced that it has received ISO 27001 certification, the global standard for effective information management.  

ISO 27001 certification is an international information security standard that demonstrates an organization has the tools and systems in place to ensure the confidentiality, integrity, and availability of all corporate data. Published by the ISO (International Organization for Standardization) and IEC (International Electrotechnical Commission), ISO 27001 is the only certifiable information security standard recognized internationally.  

An extensive year-long internal and external audit is required to examine 114 information security controls across domains including asset management, physical security, access control, incident management, regulatory control, and more. Beyond the initial assessment and certification, ISO 27001 also commits certified organizations to ongoing follow-up reviews and audits to remain in compliance through ongoing controls and re-assessment audits.  

“Fortanix customers place the most sensitive data and workloads on the Data Security Manager platform,” said Dr. Jethro Beekman, CISO and VP of Technology at Fortanix. “The ISO 27001 certification helps to ensure that the three dimensions of information security—confidentiality, integrity, and availability—are managed according to internationally recognized best practices and assessed on an ongoing basis.” 

Fortanix’s ISO 27001 certification rounds out the company’s years of effort earning the most widely recognized and prestigious certifications relevant to a cybersecurity solutions provider in the enterprise space, including:   

• FIPS 140-2 Level 3 – This Federal Information Processing Standard (140-2) specifies the security requirements that will be satisfied by a cryptographic module. The certification applies to the Fortanix Data Security Manager deployed in highly secure Hardware Security Modules (HSMs) which are specialized tamper-resistant secure compute and storage devices.  
• SOC 2 – “Systems and Organization Controls 2” is a compliance standard for service organizations, developed by the American Institute of CPAs (AICPA), which specifies how organizations should manage customer data based on Trust Services Criteria: security, availability, processing integrity, confidentiality and privacy.  
• PCI DSS - The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards formed in 2004 by Visa, MasterCard, Discover Financial Services, JCB International and American Express regarding handling of sensitive credit card data.     
• CIS Level 1 Benchmark - CIS Benchmarks from the Center of Internet Security (CIS) are a set of globally recognized and consensus-driven best practices to help security practitioners implement and manage their cybersecurity defenses. Conformance to the CIS Benchmark for a secure runtime environment applies to Fortanix Data Security Manager version 4.11 or higher running in any deployment model. 

For more information on the Fortanix platform, visit our latest blog content. 

Additional Resources:

• Fortanix announces expanded relationship with AWS and integration with AWS External Key Store (XKS). 
• Register for webinar – AWS + Fortanix: New innovations to accelerate cloud adoption through data security, privacy and compliance. 

• Fortanix announces DSM Explorer, a "free-tier" SaaS edition of Fortanix Data Security Manager.
• View webinar – Elevate data security, sovereignty and privacy in Google Cloud with External Key Manager.
• Fortanix raises $90 million in Series C funding. 
• Fortanix launches the industry’s first Web 3.0-era solutions based on Confidential Computing.

About Fortanix:

Fortanix secures data, wherever it is. Fortanix’s data-first approach helps businesses of all sizes to modernize their security solutions on-premises, in the cloud and everywhere in between. Enterprises worldwide, especially in privacy-sensitive industries like healthcare, fintech, financial services, government, and retail, trust Fortanix for data security, privacy and compliance. Fortanix investors include Goldman Sachs, Foundation Capital, Intel Capital, In-Q-Tel, Neotribe Ventures and GiantLeap Capital. Fortanix is headquartered in Santa Clara, CA.