Kiteworks Achieves ISO 27001, ISO 27017, and ISO 27018 Certifications in Near Record Time

Kiteworks customers gain further security assurances on their use of the Kiteworks Private Content Network.


PALO ALTO, Calif., Oct. 25, 2022 (GLOBE NEWSWIRE) -- Kiteworks, which delivers data privacy and compliance for sensitive content communications through its Private Content Network, announced today that it received ISO 27001:2013, 27017:2015, and 27018:2019 certification for the Kiteworks Private Content Network. The rigorous audit and certification process was performed by Moss Adams and conforms with international standards.

Kiteworks ISO 27001, 27017, and 27018 certifications build upon an already impressive list of compliance achievements that include, but are not limited to, FedRAMP Authorized for Moderate Impact Level, SOC 2, FIPS (Federal Information Processing Standard) 140-2, and IRAP (Information Security Registered Assessors Program) assessed against PROTECTED level controls. With this foundation of security frameworks and certifications in place, Kiteworks’ Security and Compliance Team was able to complete the certification process for all three ISO standards in less than five months—as compared to a typical time frame of 6 to 12 months for other organizations.1

Kiteworks Adheres to International ISO Security Standards

Issued and maintained by the International Organization for Standardization (ISO), the ISO 27000 standards are some of the most widely recognized and internationally accepted information security standards. ISO 27001, 27017, and 27018 pertain to best practices for managing information risks by implementing security controls within the broader framework of information management systems.

ISO 27001:2013: Information security management that preserves the confidentiality, integrity, and availability of information by applying a risk management process. Consists of 114 controls grouped into 14 categories.

ISO 27017:2015: Supplements the ISO 27001 framework for cloud computing environment by including additional information, security measures, and implementation guidance. Consists of 37 controls found in ISO 27001 as well as seven additional ones.

ISO 27018:2019: Code of practice for the protection of personally identifiable information (PII) in public clouds. Consists of controls found in ISO 27001 as well as 25 additional ones.

Key Benefits of Kiteworks’ ISO 27001, 27017, and 27018 Certifications

Key benefits of Kiteworks’ ISO 27001, 27017, and 27018 certifications for customers include:

  • Confirmation that extensive governance and security tracking and controls are in place to keep sensitive content private
  • Kiteworks customers can demonstrate to their suppliers and customers their commitment to keep sensitive content communications private and compliant with global standards
  • Assurance that business resiliency is built into all Kiteworks hosting options
  • Ability to verify compliance with various data privacy regulations such as GDPR (General Data Protection Regulation), CCPA (California Consumer Privacy Act), and HIPAA (Health Insurance Portability and Accountability Act), among others
  • Verification of where data is stored for customers using Kiteworks-hosted cloud deployments
  • Confirmation that Kiteworks employs a defense-in-depth approach, including hardened appliances, that protects customer-sensitive content communications from malicious cyberattacks
  • Ongoing accreditation process confirms Kiteworks’ commitment to keeping data safe

“Kiteworks is fully committed to keeping our customers’ sensitive content communications private and in compliance with global and regional regulations,” said Frank Balonis, Kiteworks’ CISO and SVP of Operations. “In addition to a number of other security certifications that we hold, these ISO certifications provide additional assurance to our customers—and their customers and suppliers—that Kiteworks adheres to comprehensive security controls and practices that enable them to keep sensitive content like PII, financial records, and intellectual property private.”

For more on the Kiteworks Private Content Network, watch the video here.

About Kiteworks

Kiteworks' mission is to empower organizations to effectively manage risk in every send, share, receive, and save of sensitive content. The Kiteworks platform provides customers with a Private Content Network that delivers content governance, compliance, and protection. The platform unifies, tracks, controls, and secures sensitive content moving within, into, and out of their organization, significantly improving risk management and ensuring regulatory compliance on all sensitive content communications.

Media Contact
Patrick Spencer
VP of Corporate Marketing
press@kiteworks.com


1 Luke Irwin, “ISO 27001 Certification: 10 Easy Steps,” IT Governance USA, November 18, 2021.