October 16, 2024
As a security-focused organization, Digilock understands the evolving and dynamic threat landscape within our global economy and the paramount importance of proactively implementing security practices to protect the information and resources utilized within our business. Implementing these safeguards includes a combination of people, processes, and systems working together to ensure we follow best practices for information security and data privacy to protect our business assets, company information, and customer data.
‘Security Simplified’ is our guiding principle which reflects our dedication to making storage security effortless and manageable. We strive to provide locks and security services that are user-friendly and straightforward, making safety more attainable for everyone. By implementing best practice security and privacy measures, we assure our customers and stakeholders that our organization can be trusted to safeguard their sensitive and confidential information.
Our leadership is deeply committed to showing — not just saying — that we're exceptionally good at keeping things secure. To measure these commitments, we have completed AICPA SOC 2 Type 2 certification and the ISO27001 and ISO27701 certifications for our DigiLink web application product.
Service Organization Control (SOC) standards are issued by the American Institute of Certified Public Accountants (AICPA), a prominent professional organization in the United States that represents certified public accountants (CPAs) and accounting professionals. The AICPA is responsible for developing and maintaining the SOC framework, including SOC 1, SOC 2, and SOC 3 reports.
SOC 2 reports are designed to evaluate and report on the security practices at a service organization, such as Digilock, to provide an independent, objective opinion on the state and effectiveness of the security practices implemented by the service organization. These reports result from an audit conducted by a third-party CPA firm, which includes the evaluation of policies and procedures, documentation, system operations, and a series of interviews with company subject matter experts and process owners. The resulting report includes an auditor’s opinion on whether security practices (and where relevant privacy practices) meet the best practice security standards established by the AICPA.
ISO27001 and ISO27701 standards are similar to SOC standards in that they establish a benchmark for evaluating best practices for information security and data privacy; however, they are issued by the International Organization for Standardization (ISO). Certification for adherence to ISO standards also includes the performance of a third-party audit; however, ISO standards are known for being a more comprehensive measure of information security and data privacy compliance. To validate Digilock’s conformity and certify that it meets the ISMS/PIMS requirements for ISO27001 and ISO27701 certification for its DigiLink web application product, Digilock engaged the certification body Sensiba LLP.
Our organization is certified for SOC 2 Type 2, ISO27001, and ISO27701 for our DigiLink web application environment. The coverage for our DigiLink web application environment includes all information technology operations related to our DigiLink web application product and some organizational processes related to Digilock corporate operations. Customers using our DigiLink web application to manage their 6G networked Smart Lock products purchased from Digilock can review these certifications and reports to gain comfort that data is protected when processed and stored by the DigiLink application.
Reaching our SOC 2 and ISO27001/ISO27701 compliance milestone was a multi-year journey that included investing time and resources to fortify our organization’s security and data privacy practices and culture. We engaged information technology, security, and data privacy specialists to provide their expertise on how our company could improve existing security and privacy practices to adhere to these benchmark standards.
As a result, we implemented new policies, procedures, systems, training, and communication activities that made our security and privacy practices more robust, measurable, and aligned with the industry standards for security and privacy excellence.
In an era where digital threats loom, customers expect businesses to safeguard their data. This can be attributed to the growing awareness of cyber threats and data breaches that impact large and small businesses and their customers' data. Our customers expect that we will do our best to protect their data and our company from falling victim to these threats and risks.
To ensure we combat these threats and risks as best as possible, we implement various measures that reduce the likelihood and overall risk of our organization falling victim to a cyberattack or a significant incident impacting our security and customer data. Achieving SOC 2 and ISO27001/ISO27701 certifications provides an unbiased opinion on our security and privacy operations to demonstrate that we have appropriately implemented these measures. Receiving these certifications illustrates our trustworthiness and accountability for security and privacy to our customers and stakeholders, providing them with confidence that we're not just committed but also capable of protecting their data.
Although we have implemented many security and privacy measures to adhere to SOC 2 Type 2 and ISO27001/ISO27701 standards, the following criteria are crucial to the protection of customer data and the continued achievement of these security certifications:
Leadership oversight and governance
Our company’s leadership team includes various C-Suite Executives and security experts responsible for monitoring our risk management practices, including security and privacy measures, to ensure these measures meet the expectations and standards of our company’s internal and external stakeholders.
Policies and procedures
We have established information security policies and procedures that govern the activities performed by our employees when interacting with computers and data within our company. Documenting and communicating policies and procedures is essential for our company to ensure that our team members know and follow our defined best practices.
Access management
We have implemented several measures to ensure that access to our company’s systems, physical locations, and IT resources is restricted from unauthorized access, limiting access to employees and personnel who are verified as appropriate. Further, we ensure that any employees or personnel with access to our systems have the correct level of access within the system so that they can only perform the activities necessary for their roles and responsibilities.
Network security
We have implemented network-level security protections within the IT computing environment that stores and processes customer data. This includes security measures such as firewall protections, remote access encryption, data transmission encryption, systems operations monitoring, intrusion prevention solutions, and several other measures that protect our IT network from being accessed by unauthorized or malicious parties.
Risk assessments
As a requirement of security standards and data privacy laws, we conduct several risk assessment activities within our organization to evaluate potential threats and adverse events that could impact our environment’s security and data privacy practices. These risk assessment activities provide a proactive approach to assessing the state of security within our company, requiring us to anticipate adverse events and worst-case scenarios and to plan responses to the events we identify. By conducting these risk assessment activities, we can proactively identify solutions that will assist with the detection, prevention, identification of, and response to these scenarios.
Data privacy procedures
Data privacy is concerned with the protection of personal information that our organization handles. Data privacy laws, such as the General Data Protection Regulation (GDPR), and data privacy standards, such as ISO27701, have specific requirements that serve the interests of individuals. These include handling personal information in accordance with the agreed-upon instructions of data controllers, adherence to data subject rights, incident and breach notification procedures, and safeguarding personally identifiable information with security protection and industry-standard encryption. Our ISO27701 compliance demonstrates that these privacy requirements have been implemented within our operating environment for the DigiLink web application.
Security training
Digilock employees and team members are integral to maintaining security within our organization. To ensure all personnel maintain awareness of security and privacy best practices, we require all new employees to complete security awareness training during their onboarding activities, and all existing employees complete security awareness training annually. These security courses include education and training about common security threats, tactics, and best practices to defend against them.
Our commitment doesn't end with these certifications. We engage in ongoing evaluations to ensure our practices not only meet but exceed industry standards. All of the above, and a few other important systems and processes, are evaluated during our annual SOC and ISO audits and operate to ensure we protect our company and customer data within our organization. Digilock is committed to maintaining security and privacy safeguards and adherence to SOC 2 Type 2, ISO27001, and ISO27701 standards and will undergo annual evaluations to ensure that we meet industry standards.
Get a Copy of our SOC and ISO reports
A copy of our general-use SOC 3 report is available for download to help you understand more about our DigiLink web application. Customers interested in viewing our detailed SOC 2 Type 2 report and our ISO27001 and ISO27701 reports can request copies through our Contact Us page.