
ISO 27001:2022

Independently held by VIDIZMO, audited and issued in VIDIZMO’s own name. 

What It Is

ISO 27001:2022 is an internationally recognized standard for information security management systems (ISMS), independently audited and certified.

What It Mainly Requires, and How VIDIZMO Supports It

  • An Information Security Management System (ISMS) with a defined scope: covers the information security management system for all VIDIZMO service lines.
  • Ongoing risk assessment and treatment, and documented policies: backed by a formal Information Security Program with regular internal risk assessments and policy reviews.
  • A certification audit by an accredited certification body, repeated on a 3-year cycle with annual surveillance audits: VIDIZMO holds Certificate #RA-2507091, issued by the United Kingdom Accreditation Service (UKAS), VIDIZMO’s accredited certification body, on July 9, 2025, valid through July 8, 2028.

Customers can review VIDIZMO’s compliance annually, through a meeting with our team, a completed audit questionnaire, or supporting documentation, generally under a mutual non-disclosure agreement when sensitive internal detail is involved.

How the ISMS Is Maintained Across the Lifecycle

Software Development

  • Security user stories built into the Agile process
  • A Definition of Done that includes security requirements
  • Threat modeling before code is written
  • Secure code reviews
  • Static Application Security Testing (SAST) integrated into the development environment

Production

  • Dynamic and Interactive Application Security Testing (DAST, IAST) during the testing phase
  • Patch management for third-party releases
  • Security gates with dependency scanning built into CI/CD pipelines (Azure DevOps, GitHub Actions)

Operations

  • Weekly automated vulnerability scans
  • Quarterly independent penetration testing
  • Real-time audit logging retained in tamper-evident, immutable storage
  • A documented incident response plan
  • Annual security awareness training for staff