Home » Blog » Consultant Resources » PI receives ISO-27001, a prominent information security certification

PI receives ISO-27001, a prominent information security certification

After months of hard work and rigorous testing, The Predictive Index is proud to announce we’ve received one of the world’s most prominent information security management certifications: ISO-27001.

Our initial certification was awarded on 01-31-2022 and will remain valid until 01-30-2025. To view our initial certificate, click here. For more information, please visit our Trust Center.

What is ISO?

The International Organization of Standardization (ISO) is an international organization that develops worldwide standards across fields ranging from science to manufacturing. These standards are intended to promote and measure product excellence, safety, and security.

According to the ISO, each standard is a “formula that describes the best way of doing something.” Standards are created by experts in each field who have a passion for improving quality and excellence.

ISO maintains tens of thousands of standards, each of which is widely recognized as authoritative.

What is ISO-27001?

The ISO-27001 is a common standard for ensuring data security in information technology. ISO-27001 isn’t required by government regulation. Instead, organizations voluntarily pursue certification to prove the excellence of their security standards.

Why does ISO-27001 certification matter?

Certification means safety: clients can trust their data won’t get stolen or misused. 

It doesn’t mean a security breach could never happen. But just like a medical degree ensures your doctor meets high standards of training and professionalism, ISO-27001 certification ensures PI has exceptional protocols for preventing and managing security breaches.

The certification also saves time for both PI and our clients. Our clients often submit security questionnaires, which requires a manual response from our Customer Support team. This certification answers the questions most security questionnaires would ask, with the additional benefit of verification by a third party.

What are the requirements for ISO-27001 certification?

To receive ISO certification, PI first needed to implement the standard. Afterwards, our security protocols were subjected to a two-stage audit. Now that we’ve received certification, we’re subject to ongoing review.

Implementing the standard

First, we designed and developed a series of policies that aligned with ISO-27001 controls. These standards include:

  • Security Program Standards
  • Secure Applications Standards
  • Secure Systems Standards
  • Business Continuity Standards

To ensure compliance with our new standards, we developed a dedicated security team to cover the following disciplines:

  • Application Security
  • Security Operations
  • Governance Regulation & Compliance.

Two-stage audit

Stage 1

In Stage 1, ISO reviewed our documentation and interviewed employees, with two goals:

  1. Ensure our internal standards matched ISO standards.
  2. Ensure those internal standards were actually followed.

Stage 2

In Stage 2, PI underwent a more rigorous review. It wasn’t enough to simply follow the rules: instead, we had to prove our security processes were robust by passing site inspections and control tests.

This review covered a variety of important security information, such as:

  1. The presence and comprehensiveness of our Security Awareness Training.
  2. Penetration test results.
  3. Code review samples.
  4. Asset management procedures.
  5. Data anonymization procedures.

Ongoing review

We’re proud to say we’ve passed all tests and reviews—but certification doesn’t stop there. Every year ISO will audit our security to ensure we still meet the standard. Additionally, we have to recertify in 2025.

Where can I find PI’s ISO-27001 certification?

If you’d like to view a copy of the certificate, click here.

What if I have additional questions?

If you have additional questions about our security measures, we recommend contacting our Customer Service team.

The latest from our blog

Hiring

How to Run an Interview Debrief

An interview debrief turns individual feedback into a collective hiring decision, but only if it's structured well. Here's...

Psychological Safety

Meta’s Record Quarter Has a People Problem

Meta's morale crisis isn't a layoff story. It's a change management failure, and a warning for every HR...

Hiring

Pre-Employment Screening: How to Identify High-Fit Candidates Early

Learn what pre-employment screening is, how it works, and the best ways to identify high-fit candidates earlier in...

Employee Engagement

The Real Cost of Employee Turnover (And How to Stop It)

When people keep leaving, it's easy to wonder what you're missing. You've invested in your team, you're paying...

Artificial Intelligence

What AI can’t teach your early-career employees (and what managers can)

AI is automating the work that taught junior employees how to grow. Here's what managers must do to...

Hiring

What Is Quality of Hire? Definition, Metrics, and How to Measure It

Quality of hire is the metric that picks up where the others leave off. It measures whether the...

Change Management

The importance of organizational change management

One of the secrets of today’s most agile organizations: Instead of spending time preparing for what they think...

Hiring

How to Build a Defensible Hiring Process in the AI Era

Is your hiring process legally defensible? Learn how job targeting helps HR cut through AI resume noise ,...

Leadership

What is an all-hands meeting: a complete guide

All-company meetings should cover relevant information while addressing core values and goals. But they also present opportunities for...

Back to top
Copy link