ISO 27001:2022
Independently held by VIDIZMO, audited and issued in VIDIZMO’s own name.
What It Is
ISO 27001:2022 is an internationally recognized standard for information security management systems (ISMS), independently audited and certified.
What It Mainly Requires, and How VIDIZMO Supports It
- An Information Security Management System (ISMS) with a defined scope: VIDIZMO's ISMS scope covers all VIDIZMO service lines.
- Ongoing risk assessment and treatment, and documented policies: backed by a formal Information Security Program with regular internal risk assessments and policy reviews.
- A certification audit by an accredited certification body, repeated on a 3-year recertification cycle with annual surveillance audits: VIDIZMO holds Certificate #RA-2507091, issued on July 9, 2025 by a certification body accredited by the United Kingdom Accreditation Service (UKAS), valid through July 8, 2028. (UKAS accredits certification bodies; it does not issue certificates itself. The certificate number, scope statement and expiry date can be checked against the issuing body's public certificate register.)
Customers can review VIDIZMO’s compliance annually, through a meeting with our team, a completed audit questionnaire, or supporting documentation, generally under a mutual non-disclosure agreement when sensitive internal detail is involved.
How the ISMS Is Maintained Across the Lifecycle
Software Development
- Security user stories built into the Agile process
- A Definition of Done that includes security requirements
- Threat modeling before code is written
- Secure code reviews
- Static Application Security Testing (SAST) integrated into the development environment
Production
- Dynamic and Interactive Application Security Testing (DAST, IAST) during the testing phase
- Patch management for third-party components and their releases
- Security gates with dependency scanning built into CI/CD pipelines (Azure DevOps, GitHub Actions)
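As an added illustration, and not VIDIZMO's own pipeline configuration (which the page does not reproduce), the following minimal GitHub Actions workflow shows what a blocking dependency-scanning gate looks like in practice: the job fails a pull request when it introduces a dependency with a known vulnerability at or above the chosen severity. It uses GitHub's own `actions/dependency-review-action`; the workflow name, the `high` severity threshold and the trigger choice are assumptions.

```yaml
# Added example: a dependency-scanning gate on pull requests.
# Assumes the repository has GitHub's dependency graph enabled,
# which dependency-review-action needs to diff base and head manifests.
name: dependency-review

on:
  pull_request:          # the action compares the PR head against its base

permissions:
  contents: read         # least privilege: the job only needs to read the tree

jobs:
  dependency-review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/dependency-review-action@v4
        with:
          # Assumed threshold: fail on high or critical advisories;
          # lower severities are reported but do not block the merge.
          fail-on-severity: high
```

The check only becomes a gate, rather than a report, when the `dependency-review` job is configured as a required status check on the protected branch; without that, a red job does not stop the merge. An Azure DevOps pipeline is gated the same way, by a build validation policy on the target branch that requires the scanning stage to pass.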
Operations
- Weekly automated vulnerability scans
- Quarterly independent penetration testing
- Real-time audit logging retained in tamper-evident, immutable storage
- A documented incident response plan
- Annual security awareness training for staff