Gojek Is Now ISO 27001 And 27701 Certified
How we worked towards ISO certification and the learnings along the way.
By Seven Jeyaramamoorthy
At Gojek, we have always constantly worked towards striving to ensure security and privacy of our ecosystem of users are of utmost importance. Today, we are glad to announce that Gojek has been certified for ISO 27001 (Information Security Management System — ISMS) and ISO 27701 (Privacy Information Management System — PIMS) compliance.
Our ISO certification was awarded by British Standards Institution (BSI) which is a reputed management systems certification body accredited by around 20 local and international bodies to perform ISMS and PIMS compliance attestations.
How we worked towards ISO certification
We began working towards ISO 27001 and ISO 27701 certification as a way to conform our security and privacy efforts with industry benchmarks and leading practices. These certifications not only validate the maturity of our security and privacy compliance, but also to show our customers that we provide a safe and trusted ecosystem. To get there, we have established a dedicated working team to ensure the compliance and implementation of ISO 27001 and ISO 27701 standards.
In broad strokes, the process involves:
- Scope definition
- Internal gap assessment against the standard requirements
- Policy and procedure development
- Mobilizing an implementation and governance team
- Internal audit on the implementation
- Continual improvement, including regular scope extensions.
What we learnt and how we’re moving forward
Getting certified is a process by which our existing security practices on safeguarding our customers’ and partners’ data are independently and objectively verified as per the industry standards. It is a collaborative effort between the Security Office (CISO) and Data Protection Office (DPO) teams and stakeholders from multiple departments within Gojek. Maintaining the compliance status also means that we remain committed to improving our ISMS and PIMS, thereby continually improving our overall security and privacy posture.
Gojek commitment to Security & Privacy
Obtaining the certificates is not the end of the effort, but it is just the beginning of a commitment to provide a reliable and secure ecosystem. As a result , we must continually improve our security and privacy standards, as well as ensure that existing practices are consistent. The idea of continual improvement rests at the core of ISO 27001 and ISO 27701 and at the core of how we operate here at Gojek Group.
To check out more stories from our vault, click here.