.png)
Since early February 2018, Whispli is ISO 27001 certified – the global standard for Information Security.
In a context of constant threat where data of businesses can be exposed, we are committed at Whispli to make our processes and services evolve and not only follow with best practices but exceed them by going the extra mile. We are well aware of the risks linked to sensitive data and we protect our customers and users’ information.
What is ISO 27001?
ISO 27001 is a global standard that empowers our business to improve its overall information security posture.
Our friend at Aptible, Chas, describes it particularly well: think of ISO 27001 as a baseline for good security management processes. “We take security seriously” is a cliché; many developer teams know they would benefit from an organized approach to security but don’t know where to start.
Teams seeking ISO 27001 certification need to be organized. Like most major information security protocols (SOC 2, HIPAA, PCI, etc.), ISO 27001 requires:
- Proactive risk management, instead of just reacting to bad things as they happen.
- Planning ahead for security and setting appropriate security improvement goals.
- Writing down the rules for how security is supposed to work for your system (in policies and procedures).
- Training your workforce on those rules, with advanced training for those with more security responsibilities.
- Responding to incidents, including training for and managing security/availability breaches.
On a practical level, you’ll probably see a focus on MFA, password managers, mobile device management, and regular penetration testing.
.avif)
How does Whispli’s ISO 27001 certification benefit you?
Some organizations claim to be ISO 27001 "compliant." Beware of the scam: anyone can claim they “comply” with ISO standards.
The gold standard is a certification performed by an “accredited” certification body, or auditor. Being “accredited” means the auditors have themselves been audited against an ISO standard for how they conduct audits and certifications.
Getting organized about security helps us protect your data
It is, above all, a set of processes: it is an ongoing mission. With developer teams, big issues can arise from seemingly little things – ISO 27001 certification means we’ve thought this through, put controls in place, and mitigate pending risks.
Every day, we improve our platform to satisfy our customers’ needs. This doesn’t change the way you use Whispli – but for us, it means a permanent involvement in risk control and security.
✅ Oh – and we're also GDPR compliant. There is not yet a certification body for GDPR; once it's available, we have no doubt we'll easily get certified.
What does it mean for Whispli?
At Whispli, we are protected from loss, theft, or alteration of data – not only by securing our IT systems but by putting in place good practices for a 360° security:
- IT Security policies: Covering all items of the Statement of Applicability + Incident and Asset Registers.
- Risk identification: Threats are identified, assessed, and managed. Risk mitigation strategies are set for all residual items.
- Regular Audits: Both internal and external. 3rd party audits include penetration testing (minimum once a year), code reviews, and vulnerability scanning.
- General best practices: Including clean desk policies, session timeouts, and automatic logouts.
Conclusion
In an era where data is the most valuable—and vulnerable—asset an organization holds, "trust us" is no longer a viable security strategy. By achieving ISO 27001 certification, Whispli provides more than just a promise; we provide independently verified proof that your sensitive disclosures are handled with the highest level of security.
Security isn't a destination we reached in 2018—it’s a continuous journey of improvement. Whether it’s through end-to-end encryption or our commitment to GDPR compliance, our goal is to ensure that your whistleblowers feel safe and your organization remains resilient. With Whispli, you’re not just choosing a platform; you’re choosing a partner that puts information integrity at the heart of everything we do.
%201.avif)
%201%20(2).avif)
%201%20(1).avif)
