Goelett is pleased to announce the successful renewal of the ISO 27001 certificate with upgrade to new version of the norm ISO 27001:2022. This important certification, granted by The British Standards Institution (BSI), is a testament to our ongoing dedication to maintaining the highest standards in information security management.
ISO 27001, an internationally recognized standard, sets forth the requirements for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS). With the renewed ISO 27001 certification, our clients can rest assured that Goelett remains a secure platform for managing their travel needs.
Goelett’s key information security measures include:
Effective Security Management:
Goelett has a robust Information Security Policy and Information Security Management System (ISMS). Based on regular assets inventory review and risk analysis, Goelett implements technical, operational, and legal measures to ensure availability, integrity and confidentiality of sensitive data.
All team members involvement:
At Goelett, every team member, from leaders and managers who lead by example to individual employees and contractors, assumes responsibility for information security and data privacy. We built awareness throughout our team and provide training to ensure a correct response to cyber threats in every role. It’s the first training that employees receive within the company.
Secure Software Development Lifecycle:
Goelett’s software development cycle, certified with ISO 27001, prioritizes quality assurance, privacy, and security from planning to implementation, ensuring robust code through peer reviews, automated vulnerability scans, and thorough testing.
Data Protection:
We adhere to stringent data protection measures, ensuring the confidentiality, integrity, and availability of sensitive information. Goelett’s commitment to data privacy extends beyond ISO 27001 compliance. We have implemented an Ethical Use of Technology Policy, incorporating privacy by design principles. We limit the purpose of data processing, minimize data collection, and ensure accurate data handling in a lawful and transparent manner.
Access Management:
Clients can rely on Goelett’s well-defined policies and processes for segregating duties, granting, and revoking access rights, and conducting regular access reviews. A central authentication through MS Active Directory with multifactor authentication is required for roles with extended privileges.
Continuous Compliance Monitoring and Third-Party Validation:
Regular ISO 27001 audits serve as confirmation that Goelett consistently exceeds international standards for information security, ensuring our clients’ data is treated with the highest care and follows all rules.
Also, specialized third-party entities conduct penetration tests at Goelett at least once per year, providing clients with added validation and assurance of our security measures.
With the ISO 27001 renewal, Goelett not only upholds a history of information security excellence but actively commits to sustaining and improving it. Goelett’s platform remains a trusted guardian of sensitive information, offering clients confidence that their data is managed with the utmost care and diligence.
