www.digilock.com
2a05:d014:58f:6200::64  Public Scan

Submitted URL: https://cqyt504.na1.hubspotlinks.com/Ctc/5D*113/cQYT504/VWqkvp1s50CQW8Q0R-Z1xk4hhW1xTZ7Q5887DSN7KkK2l3qn9gW8wLKSR6lZ3phW7spJ8D76zj_MW...
Effective URL: https://www.digilock.com/blog/post/digilock-soc2-iso-certifications/?utm_campaign=Digilock%20US&utm_medium=email&_hsmi=28...
Submission: On January 11 via manual from US — Scanned from DE

Text Content

YOUR SECURITY IS OUR PRIORITY


DIGILOCK ACHIEVES SOC 2 AND ISO CERTIFICATIONS

As a security-focused organization, Digilock understands the evolving and
dynamic threat landscape within our global economy and the paramount importance
of proactively implementing security practices to protect the information and
resources utilized within our business. Implementing these safeguards includes a
combination of people, processes, and systems working together to ensure we
follow best practices for information security and data privacy to protect our
business assets, company information, and customer data.

‘Security Simplified’ is our guiding principle which reflects our dedication to
making storage security effortless and manageable. We strive to provide locks
and security services that are user-friendly and straightforward, making safety
more attainable for everyone. By implementing best practice security and privacy
measures, we assure our customers and stakeholders that our organization can be
trusted to safeguard their sensitive and confidential information.

Our leadership is deeply committed to showing — not just saying — that we're
exceptionally good at keeping things secure. To measure these commitments, we
have completed AICPA SOC 2 Type 2 certification and ISO’s ISO27001 and ISO27701
certifications for our DigiLink web application product.


SOC 2, ISO27001, ISO27701 STANDARDS

Service Organization Control (SOC) standards are issued by the American
Institute of Certified Public Accountants (AICPA), a prominent professional
organization in the United States that represents certified public accountants
(CPAs) and accounting professionals. The AICPA is responsible for developing and
maintaining the SOC framework, including SOC 1, SOC 2, and SOC 3 reports.

SOC 2 reports are designed to evaluate and report on the security practices at a
service organization, such as Digilock, to provide an independent, objective
opinion on the state and effectiveness of the security practices implemented by
the service organization. These reports result from an audit conducted by a
third-party CPA firm, which includes the evaluation of policies and procedures,
documentation, system operations, and a series of interviews with company
subject matter experts and process owners. The resulting report includes an
auditor’s opinion on whether security practices (and, where relevant, privacy
practices) meet the best practice security standards established by the AICPA.

ISO27001 and ISO27701 standards are similar to SOC standards in that they
establish a benchmark for evaluating best practices for information security and
data privacy; however, they are issued by the International Organization for
Standardization (ISO). Certification for adherence to ISO standards also
includes the performance of a third-party audit; however, ISO standards are
known for being a more comprehensive measure of information security and data
privacy compliance.

Our organization is certified for SOC 2 Type 2, ISO27001, and ISO27701 for our
DigiLink web application environment. The coverage for our DigiLink web
application environment includes all information technology operations related
to our DigiLink web application product and some organizational processes
related to Digilock corporate operations. Customers using our DigiLink web
application to manage their 6G networked Smart Lock products purchased from
Digilock can review these certifications and reports to gain comfort that data
is protected when processed and stored by the DigiLink application.

Our journey to achieving compliance

Reaching our SOC 2 and ISO27001/ISO27701 compliance milestone was a multi-year
journey that included investing time and resources to fortify our organization’s
security and data privacy practices and culture. We engaged information
technology, security, and data privacy specialists to provide their expertise on
how our company could improve existing security and privacy practices to adhere
to these benchmark standards.

As a result, we implemented new policies, procedures, systems, training, and
communication activities that made our security and privacy practices more
robust, measurable, and aligned with the industry standards for security and
privacy excellence.


OUR COMPLIANCE SAFEGUARDS CUSTOMER TRUST

In an era where digital threats loom, customers expect businesses to safeguard
their data. This can be attributed to the growing awareness of cyber threats and
data breaches that impact large and small businesses and their customers' data.
Our customers expect we will do our best to protect their data and our company
from falling victim to these threats and risks.

To ensure we combat these threats and risks as best as possible, we implement
various measures that reduce the likelihood and overall risk of our organization
falling victim to a cyberattack or significant incident impacting our security and
customer data. Achieving SOC 2 and ISO27001/ISO27701 certifications provides an
unbiased opinion on our security and privacy operations to demonstrate that we
have appropriately implemented these measures. Receiving these certifications
illustrates our trustworthiness and accountability for security and privacy to
our customers and stakeholders, providing them with confidence that we're not
just committed but also capable of protecting their data.


IMPORTANT SECURITY AND PRIVACY MEASURES INCLUDED IN SOC 2 AND ISO COMPLIANCE

Although we have implemented many security and privacy measures to adhere to SOC
2 Type 2 and ISO27001/ISO27701 standards, the following criteria are crucial to
the protection of customer data and the continued achievement of these security
certifications:

Leadership oversight and governance
Our company’s leadership team includes various C-Suite Executives and security
experts responsible for monitoring our risk management practices, including
security and privacy measures, to ensure these measures meet the expectations
and standards of our company’s internal and external stakeholders.

Policies and procedures
We have established information security policies and procedures that govern the
activities performed by our employees when interacting with computers and data
within our company. Documenting and communicating policies and procedures is
essential for our company to ensure that our team members know and follow our
defined best practices.

Access management
We have implemented several measures to ensure that our company’s systems,
physical locations, and IT resources are restricted from unauthorized
access, limiting access to employees and personnel who are verified as
appropriate. Further, we ensure that any employees or personnel with access to
our systems have the correct level of access within the system to ensure they
can only perform necessary activities for their roles and responsibilities.

Network security
We have implemented network level security protections within our IT computing
environment that stores and processes customer data. This includes security
measures such as firewall protections, remote access encryption, data
transmission encryption, systems operations monitoring, intrusion prevention
solutions, and several other measures that protect our IT network from being
accessed by unauthorized or malicious parties.

Risk assessments
As a requirement of security standards and data privacy laws, we conduct several
risk assessment activities within our organization to evaluate potential threats
and adverse events that could impact our environment’s security and data privacy
practices. These risk assessment activities provide a proactive approach to
assessing the state of security within our company, requiring anticipation of
adverse events and worst-case scenarios and responses to these identified
events. By conducting these risk assessment activities, we can proactively
identify solutions that will assist with detection, prevention, identification,
and response to these scenarios.

Data privacy procedures
Data privacy is concerned with the protection of personal information that our
organization handles. Data privacy laws, such as the General Data Privacy
Regulation (GDPR), and data privacy standards, such as ISO27701, have specific
requirements that serve the interests of individuals. These include handling
personal information in accordance with agreed-upon instructions of data
controllers, adherence to data subject rights, incident and breach notification
procedures, and safeguarding personally identifiable information with security
protection and industry-standard encryption. Our ISO27701 compliance
demonstrates that these privacy requirements have been implemented within our
operating environment for the DigiLink web application.

Security training
Digilock employees and team members are integral to
maintaining security within our organization. To ensure all personnel maintain
awareness of security and privacy best practices, we require all new employees
to complete security awareness training during their onboarding activities, and
all existing employees complete security awareness training annually. These
security courses include education and training about common security threats,
tactics, and best practices to defend against them.


CONTINUOUS EVALUATION

Our commitment doesn't end with these certifications. We engage in ongoing
evaluations to ensure our practices not only meet but exceed industry standards.
All of the above, and a few other important systems and processes, are evaluated
during our annual SOC 2 and ISO audits and operate to ensure we protect our
company and customer data within our organization. Digilock is committed to
maintaining security and privacy safeguards and adherence to SOC 2 Type 2,
ISO27001, and ISO27701 standards and will undergo annual evaluations to ensure
that we meet industry standards.

Get a copy of our SOC 2 and ISO reports
Customers interested in viewing our detailed SOC 2, ISO27001, and ISO27701
reports can request copies through our Contact Us page.

© 2024 Digilock. All rights reserved.