Kate Armitage | Sep 06, 2022

ISO 27001 Certification and What This Means for OneStream Customers

Ensuring the availability, confidentiality, and integrity of valuable and crucial information and operational processes is at the heart of a successful organization. The world we live in has changed from an industrial economy to a digital society. With the advancement of cyberattacks and ransomware efforts, which present major risks to individuals, businesses, and governments alike, the importance of information security and a robust cyber security posture has never been more relevant.

OneStream’s Proactive Approach

OneStream continues to invest in security and compliance as part of our ongoing efforts to be the trusted provider of CPM software and is proud to announce that on 24th August we achieved ISO 27001 Certification for our Information Security Management System (ISMS). This marks the latest addition to OneStream’s compliance portfolio, preceded by SOC reports, FedRAMP ATO, and the Cloud Security Alliance CAIQ to name a few.

Certification of OneStream’s ISMS prioritizes client data protection through implemented controls including security-by-design product development, data encryption, vulnerability management, business continuity, disaster recovery plans, and much more. Customers, prospects, partners, and employees can expect systematic and ongoing management of information security risks that can affect the confidentiality, integrity, and availability of corporate and personal information across IT, Physical Security, and Operational Technology systems.

What are an ISMS and ISO 27001?


An Information Security Management System (ISMS) is a documented program for designing, implementing, managing, and maintaining a dependable security program within an organization to protect the confidentiality, integrity, and availability of information, be that customer or internal data. ISO 27001 is one of the most widely recognized and internationally accepted information security standards and one of the few that uses a top-down, risk-based approach to evaluation. The standard provides the know-how, and getting certified against it demonstrates to our customers, prospects, partners, and employees that OneStream safeguards their data.

To achieve the certification, OneStream’s security compliance was validated by an independent audit firm, Alcumus ISOQAR. The staged audit involves a rigorous process of demonstrating an ongoing and systematic approach to managing and protecting company and customer data. This includes a comprehensive review of all levels of security management, including physical protection, security of products and services, the involvement of the management team, and access to personal user data.

I have been involved in implementing and managing ISO standards for much of my career and believe ISO 27001 is one of the key ones to obtain in today’s climate of the ever-present risk of an information security breach. Achieving our ISO 27001 certification is a proud moment. We often say at OneStream that it takes a village and that couldn’t be truer in this case. Everyone is responsible for Information Security and this achievement reflects everyone at OneStream’s hard work and ongoing commitment to ensuring the Confidentiality, Integrity, and Availability of our and our customers’ data.

What does our ISO 27001 certification mean for our customers?

Your data is safe and secure.

ISO 27001 provides a model for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an information security management system using a top-down, risk-based approach that is technology-neutral.

You can verify our practices.

Along with our SOC Reports, our ISO 27001 Certificates and Audit Reports are available to existing customers via the OneStream MarketPlace. Prospective customers who are interested in this information can request it via their account representative, or by filling out the form on the Contact Us page on our website.

You can trust that we’ll maintain these practices.

As part of our adherence to ISO 27001, we will undergo annual audits by an independent accredited third party to maintain these certifications.

Learn More

ISO 27001 is not only about protecting data; it’s also about improving our business. Achieving the ISO 27001 certification is the result of a huge amount of effort and involvement from every member of OneStream, and we are constantly challenging ourselves and striving to improve our service and provide the highest security standards to our customers, partners, and employees.