Toustone ISO

Sometimes it can feel like there are a million and one certifications out there. But which actually matter? Well, we asked ourselves this question some time ago, and ISO 27001:2022, the International Standard for Information Security Certification, was an absolute standout.

Why ISO 27001:2022?

This certification signifies that our information security practices are acknowledged as comprehensive and aligned with global best practices. This matters to us, our partners, and, of course, gives our clients additional peace of mind.

“From the moment we launched Toustone 10 years ago, we wanted to make sure we always put our customers first and took their interests to heart, so security has always been a top priority for us. By obtaining ISO 27001:2022 certification, we hope to further demonstrate that commitment at Toustone,” shared Craig Lefoe, CEO at Toustone.

At the core of Toustone’s BI, data analytics, predictive analytics, and reporting work is data. We deal with large amounts of data, which is often confidential. Our clients place an incredible amount of trust in us to ensure their data and insights are safe. The ISO 27001:2022 certification process puts us to the test to ensure we do just that.

External Endorsement and Continuous Improvement

Toustone also wanted external endorsement of our stringent internal security practices. Plus, we knew that going through an audit opens new opportunities for identifying how we can continually improve our information security practices.

“It took us about 10 months of hard work from a team of Toustonians and our security advisory partner Morrisec to achieve ISO 27001:2022 certification. It was a significant milestone for Toustone and a testament to our commitment to maintaining the highest standards of data security and privacy,” commented Chris Horn, CFO at Toustone.

This certification is not just a feather in our cap; it offers tangible benefits to our clients, ensuring their data is protected by robust security measures. We are committed to staying up to date with whatever is required to ensure we remain ISO certified.

Why Toustone’s ISO 27001:2022 Certification Matters to Us (And You)

The official ISO website summarises the business benefits of certification succinctly into these key points:

  • Resilience to cyber-attacks
  • Preparedness for new threats
  • Data integrity, confidentiality, and availability
  • Security across all supports
  • Organisation-wide protection
  • Cost savings.

    But for us at Toustone, here are four reasons why it matters to us and why it matters to you, our clients, or if you are considering partnering with us:

    1. Unparalleled Data Security

    ISO 27001:2022 provides a comprehensive framework for an Information Security Management System (ISMS), ensuring all aspects of data security are covered. This means we have implemented stringent controls to protect your data from breaches, unauthorised access, and other cyber threats. With data breaches becoming increasingly common, partnering with a certified company like Toustone ensures your sensitive information is safeguarded with the highest standards. This certification is globally recognised and demonstrates our commitment to maintaining high standards of information security, which can enhance your trust in our services. Knowing that Toustone is ISO 27001:2022 certified provides you with confidence in our ability to protect your data.

    2. Meet Regulatory Compliance

    For many industries, compliance with legal and regulatory requirements is crucial. ISO 27001:2022 certification helps Toustone align with various local and international regulations, reducing your risk of non-compliance penalties. This is particularly important in sectors like finance and healthcare, where data protection regulations are stringent. In fact, though not required as part of ISO Certification nor mandated in Australia, at Toustone we have gone one step further when it comes to privacy and have also implemented measures to ensure we are GDPR compliant.

    3. Effective Risk Management

    The certification process includes rigorous risk assessment and management practices. We proactively identify potential threats and implement controls to mitigate them, while conducting regular security audits and assessments to uncover and address vulnerabilities. This proactive approach ensures that we are prepared for any security incidents, minimising their impact on your operations and data. At Toustone, ISO 27001 is a living, breathing commitment. We talk about compliance and standards regularly, undertake regular audits, and thoroughly assess any new practices or tools across the whole organisation.

    4. Continuous Improvement

    ISO 27001:2022 is not a one-time certification; it requires continuous monitoring and improvement of our ISMS. This means Toustone is constantly updating our security measures to address new threats and vulnerabilities, ensuring that your data remains protected at all times.

    How Does Toustone Protect Your Data?

    Following are some of the measures we take to protect your data:

    High Availability: High Availability in Toustone Cloud is delivered via replicating key infrastructure components across different availability zones. Availability zones are discrete physical data centres at different locations.

  • The platform is completely encrypted from one end to the other.
  • Connections into the environment are encrypted with 128-bit TLS 1.2 connections.
  • All data is encrypted at rest (AES 256).

    Security: Backend platform configuration, Yellowfin backup files, and Yellowfin configuration data are encrypted both in transit and at rest. AWS security components are used to secure the platform as a whole and each individual environment, and to monitor for anomalous activity. Tools we use to provide security within our AWS-based platform:

  • Identity & Access Management
  • Cognito
  • GuardDuty
  • Certificate Manager
  • Key Management Service
  • Trusted Advisor
  • CloudTrail
  • Security Hub.

    To dig deeper you can view our Policies and Procedures. They outline the rules, guidelines, and procedures Toustone adheres to in protecting organisations’ ICT systems and client data from security threats.

    You can also download our two-page Toustone Data Security Information Sheet.

    We Treat Your Data As If It’s Our Own

    If there is one message we’d like you to glean from this article, it is that we treat your data as if it were our own. By choosing to partner with Toustone, you are aligning yourself with a company that prioritises your data security, complies with international standards, and continuously strives to improve its security practices. This not only protects your data but also enhances your business’s credibility and trustworthiness in the eyes of your clients and stakeholders.

    For more information about ISO 27001:2022 and its benefits, you can refer to resources from the International Organisation for Standardisation.
