Differences

This shows you the differences between two versions of the page.

--- en:infoturbe_pohimotted [2022/02/07 16:44] – created toomas
+++ en:infoturbe_pohimotted [2025/01/22 11:51] (current) – [3.5. Data location] toomas
@@ Line 22: / Line 22: @@
 All structural units and employees, and also contractors of the company are involved in the information security process.
-We have created and implemented our information security policy in accordance with the ISO/IEC 27001:2013 standard and have also confirmed consistency with the standard through formal certification. The certificate is available here: https://directo.ee/wp-content/uploads/2021/12/27001_ENG_Directo.pdf.
+We have created and implemented our information security policy in accordance with the ISO/IEC 27001 standard and have also confirmed consistency with the standard through formal certification. The certificate is available here:
-{{:mustand:toomas:27001-eng-directo.jpeg?200|}}
+[[https://directo.ee/wp-content/uploads/2021/12/27001_ENG_Directo.pdf|ISO/IEC 27001:2013 expired ]] \\
+[[https://directo.ee/wp-content/uploads/2025/01/Directo_ISO-27001_2022_certificate.pdf |ISO/IEC 27001:2022 valid]]
+{{:et:toomas20250122-114213.png}}
+How Directo's control objectives apply The requirements of the current version of the standard ISO / IEC 27001 can be found in: [[en:soa_27001_2022|Statement of Applicability (SoA) ]]
 Our company is conducting ongoing and systematic monitoring of information security risks and updating the risk assessment, together with activities to reduce the residual risks related to information security.
@@ Line 55: / Line 59: @@
 The servers used to provide Directo’s Service are physically located in a secure data centre in the territory of European Union.
-Directo OÜ only works with recognised partners to host infrastructure. The data centre service is provided by Telia Eesti AS, whose information security management system has been certified by Bureau Veritas to comply with the ISO/IEC 27001:2013 standard: https://www.telia.ee/images/documents/sertifikaadid/iso_iec_27001_2013_est.pdf.
+Directo OÜ only works with recognised partners to host infrastructure. The data centre service is provided by Telia Eesti AS, whose information security management system has been certified to comply with the ISO/IEC 27001 standard:
+  * [[https://www.telia.ee/images/documents/sertifikaadid/iso_iec_27001_2013_est.pdf |ISO/IEC 27001:2013 certificate 20.02.2019 - 25.02.2022]]
+  * [[https://www.telia.ee/images/documents/sertifikaadid/DNV_Telia_Eesti_ISO27001_2021_(DC_and_B2B_ICT_management)_eng.pdf| ISO/IEC 27001:2013 certificate 26.02.2022 – 25.02.2025]]
 ====3.6. Data communication====
-Directo cooperates with Telia Eesti AS to mitigate information security, sustainability and business risks related to data communication.
+Directo cooperates with Telia Eesti AS to mitigate information security, sustainability and business risks related to data communication. All customer data communication with Directo software takes place over the HTTPS protocol and is encrypted.
 ====3.7. Backing up data====