ISO/IEC 27001:2013

Managing information security risks.


The International Organization for Standardization (ISO) is an independent, non-governmental international organization with a membership of 163 national standards bodies.

The ISO/IEC 27000 family of standards helps organizations keep information assets secure. ISO/IEC 27001 is a security standard that outlines and provides the requirements for an information security management system (ISMS). It specifies a set of best practices and details a list of security controls concerning the management of information risks.

While the 27001 standard does not mandate specific information security controls, the framework and checklist of controls it lays out allow BrightInsight, a Flex Company, to ensure a comprehensive and continually improving model for security management.

The basis of this certification is the development and implementation of a rigorous security program, including an Information Security Management System (ISMS) that defines how BrightInsight perpetually manages security in a holistic, comprehensive manner. This widely recognized international security standard specifies that BrightInsight does the following:

  • We systematically evaluate our information security risks, taking into account the impact of threats and vulnerabilities.
  • We design and implement a comprehensive suite of information security controls and other forms of risk management to address customer and architecture security risks.
  • We have an overarching management process to ensure that the information security controls meet our needs on an ongoing basis.

The BrightInsight Platform is certified for compliance with ISO/IEC 27001:2013. The certification is performed by independent third-party auditors. Our compliance with these internationally recognized standards and code of practice is evidence of our commitment to information security at every level of our organization, and shows that the BrightInsight security program is in accordance with industry-leading best practices.

ISO/IEC 27001:2013 Certificate