To demonstrate the company’s dedication to information security, Proctorio has become the first learning integrity platform to achieve ISO/IEC 27001:2013 certification. Proctorio has received third-party accreditation in accordance with the published International Standards Organization criteria. A-LIGN, the third-party auditor that completed Proctorio’s SOC 2 Type 1 security audit in February 2021, also performed Proctorio’s initial certification audit to certify Proctorio’s ISMS against the ISO 27001 standard.
The initial certification audit was conducted in two stages: stage 1 and stage 2. On March 8, 2021, A-LIGN completed stage 1, which included reviewing the documented ISMS information, obtaining the necessary information regarding the scope of the ISMS, and determining the preparedness for stage 2. Between April 19, 2021 and April 30, 2021, A-LIGN proceeded to evaluate the implementation, including effectiveness, of Proctorio’s ISMS. After these two stages, A-LIGN found zero major nonconformities, signaling that Proctorio’s ISMS was effectively implemented and managed.
“In order to achieve this milestone, Proctorio uses a thorough internal control policy and system that addresses over 350 standards for a highly-secure ISMS,” said Mike Olsen, Founder and CEO of Proctorio. “One by one, we explained how we implement each standard within our organization, measured the implementation internally, and invited a third party to verify our work. Working with A-LIGN to audit our information security processes has been an extremely validating and gratifying experience for the entire organization.”
ISO 27001 was developed by the International Standards Organization (ISO) and the International Electrotechnical Commission (IEC) to standardize the process for establishing, implementing, operating, monitoring, reviewing, and maintaining an ISMS. By the end of August, Proctorio will add another security milestone to its collection by completing the SOC 2 Type 2 security audit, an internal controls report that verifies how a company safeguards customer data.