ISO Certification

1. Overview

Nineteen58 is committed to maintaining the highest standards of information security, quality management, and operational excellence. We are actively pursuing ISO/IEC 27001 certification and are currently undergoing our Stage 1 audit process. This page outlines our commitment to ISO standards and the comprehensive frameworks we have implemented in delivering our services.

Our dedication to achieving and maintaining ISO certification reflects our unwavering commitment to information security excellence and demonstrates the maturity of our security management practices. We have invested significantly in building a robust Information Security Management System (ISMS) that not only meets but exceeds the stringent requirements of international standards.

2. ISO/IEC 27001 - Information Security Management

Current Certification Status

Nineteen58 is currently in the Stage 1 audit phase of ISO/IEC 27001 certification. This initial audit phase involves a comprehensive review of our Information Security Management System (ISMS) documentation, policies, and procedures to ensure readiness for the subsequent Stage 2 audit and full certification.

Our pursuit of ISO/IEC 27001 certification underscores our commitment to:

• Systematic examination and treatment of information security risks across our organization
• Design and implementation of comprehensive, industry-leading security controls
• Adoption of an overarching management process for continuous security improvement
• Continuous monitoring, measurement, and enhancement of security practices
• Demonstrable compliance with international information security best practices

Throughout the certification process, we are working closely with our accredited certification body to ensure that our ISMS meets all requirements of the ISO/IEC 27001:2022 standard. Our organization has embraced this rigorous process as an opportunity to validate our security posture and reinforce our commitment to protecting customer data and maintaining trust.

Key Controls

Our ISO 27001 implementation includes:

• Access control policies and procedures
• Cryptography and encryption standards
• Physical and environmental security measures
• Operations security protocols
• Communications security guidelines
• System acquisition, development, and maintenance standards
• Supplier relationships management
• Information security incident management
• Business continuity planning
• Compliance verification procedures

3. ISO 9001 - Quality Management

Nineteen58 adheres to ISO 9001 standards for quality management systems (QMS), ensuring that our services consistently meet customer and regulatory requirements while continually improving our processes.

Quality Principles

• Customer focus and satisfaction
• Leadership and strategic direction
• Engagement of people at all levels
• Process-oriented approach
• Continuous improvement culture
• Evidence-based decision making
• Relationship management with stakeholders

Quality Objectives

Our quality management system establishes measurable objectives including:

• Service delivery performance metrics
• Customer satisfaction scores
• Process efficiency indicators
• Defect and error rates
• Response and resolution times

4. ISO/IEC 27017 - Cloud Security

As a cloud service provider, Nineteen58 implements ISO/IEC 27017 guidelines, which provide additional cloud-specific controls supplementing ISO 27001 for cloud services.

Cloud-Specific Controls

• Shared responsibility model documentation
• Cloud service customer asset management
• Removal and return of cloud service customer assets
• Protection and separation of the cloud service customer's virtual environment
• Virtual machine hardening requirements
• Administrator operational security for cloud infrastructure
• Monitoring cloud services use and performance
• Virtual and cloud network environment alignment

5. ISO/IEC 27018 - Cloud Privacy

Nineteen58 follows ISO/IEC 27018 code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors.

Privacy Controls

• Consent and choice regarding PII processing
• Purpose legitimacy and specification
• Collection limitation
• Data minimization
• Use, retention, and disclosure limitation
• Accuracy and quality of PII
• Openness, transparency, and notice
• Individual participation and access
• Accountability
• Information security for privacy

6. Certification Journey and Maintenance

Current Audit Process

As part of our Stage 1 audit, we are demonstrating the maturity and completeness of our ISMS to our certification body. This phase focuses on:

• Verification of ISMS scope and objectives alignment with business requirements
• Review of documented policies, procedures, and security controls
• Assessment of risk management methodology and implementation
• Evaluation of management commitment and resource allocation
• Confirmation of internal audit program effectiveness
• Validation of legal and regulatory compliance mechanisms

Ongoing Commitment

Upon achieving full certification, Nineteen58 will maintain our ISO certifications through:

• Annual surveillance audits by accredited certification bodies
• Regular internal audits and management reviews
• Continuous monitoring of control effectiveness and performance metrics
• Comprehensive employee training and security awareness programs
• Dynamic risk assessment and treatment processes
• Robust corrective and preventive action procedures
• Tri-annual recertification audits to maintain certification status

7. Audit and Compliance

External Audits

We undergo regular third-party audits to verify our compliance with ISO standards. Audit reports and certificates are available upon request to qualified parties.

Internal Audits

Our internal audit program includes:

• Scheduled audits of all processes and departments
• Verification of control implementation and effectiveness
• Documentation review and compliance checking
• Root cause analysis of non-conformities
• Follow-up verification of corrective actions

8. Continuous Improvement

Nineteen58 embraces a culture of continuous improvement through:

• Regular management reviews of system performance
• Analysis of metrics and key performance indicators
• Customer feedback integration
• Lessons learned from incidents and near-misses
• Benchmarking against industry best practices
• Investment in new technologies and methodologies

9. Scope of Certification

Our ISO certifications cover:

• All core service offerings and platforms
• Supporting infrastructure and systems
• Development and deployment processes
• Customer support and service delivery
• Data centers and cloud infrastructure
• Third-party integrations and partnerships

10. Certification Status and Transparency

Nineteen58 is committed to transparency regarding our certification journey. We are currently in the Stage 1 audit phase of ISO/IEC 27001 certification, with Stage 2 audit and full certification expected to follow upon successful completion of the current phase.

Upon achieving full certification, customers and partners will be able to verify our ISO certifications through:

• Certificate number and issuing certification body details
• Direct verification with the accredited certification body
• Review of certification scope and validity dates
• Access to Statement of Applicability (available upon request to qualified parties)
• Published certification status on our website and compliance documentation

We remain dedicated to keeping our stakeholders informed of our progress throughout the certification process and will provide updates as we advance through each stage of the audit.

11. Additional Standards and Frameworks

Beyond ISO certifications, Nineteen58 aligns with:

• SOC 2 Type II compliance
• GDPR requirements
• CCPA compliance
• NIST Cybersecurity Framework
• Industry-specific regulatory requirements

12. Contact Information

For questions about our ISO certifications, to request certificate copies, or to discuss compliance requirements, please contact our compliance team.