Appfarm is ISO 27001 certified

After the implementation and internal alignment of a management system for information security (ISMS), Appfarm became ISO 27001 certified at the end of 2023. This means Appfarm is one of a few no-code platforms on the market that hold this security certification. We had a chat with our Platform Security Lead, Trond Hønsi, about what this means for our customers and partners.

Trond Hønsi, Platform Security Lead

What does it mean to be ISO 27001 certified?

It means that an organization has implemented a management system for information security (ISMS), and it has been proven that the ISMS implemented complies with the ISO 27001 standard. Appfarm is now one of a few no-code platforms that hold this certification.

What does the ISO 27001 certification mean to Appfarm? 

The certification means that a CREST Certified Global Top 20 Cyber Security Company, in our case, Prescient Security, has recognized the effort done at every level of Appfarm’s operations regarding information security, showing that there is a willingness among all employees, from the sales team to development, to work towards the common goal. This is ultimately to ensure a secure and stable product for our customers.

How has the process been?

The process has been a long and meticulous one, starting in late 2022 with implementing a suitable ISMS, working throughout the year of 2023 implementing controllers and getting everyone at the company involved, and ending with ISO 27001 stage 1 and stage 2 audits that were completed just before Christmas 2023.

What does this mean for Appfarm customers? 

For Appfarm’s customers, this means that the product (platform) they are now using is part of the scope of our ISO 27001:2022 certification, which implies that processes in place when developing and maintaining Appfarm Create are derived from the branch standards of information security. Everything from employee training to secure development, penetration testing from independent third parties, data encryption, and secure cloud hosting is covered.

Will it affect applications built on Appfarm Create? 

Other than reinforcing our customers' trust that the data they put into their applications maintains their confidentiality, integrity, and availability, applications are not directly affected. Processes are already in place, reflected in the currently running version of Appfarm Create.

In general, what are important security measures enterprises must consider when developing applications? 

When creating or using off-the-shelf software, the most important thing is to ensure that security has been accounted for. When developing software, this means integrating security in the application pipeline and not thinking of it as an additional optional cost. When developing using Appfarm Create, we strive to deliver a security-by-default product to our customers. However, some security measures need to be considered due to the platform's flexibility. To help Appfarm Create users develop secure applications, we have created a security checklist that can be used in the application’s life cycle. 

What other measures does Appfarm ensure to provide a secure product/platform and environment for their customers?

ISO 27001 is very comprehensive, ensuring information security at every level of the organization. In addition to this, we are working on the continuous improvement of our ISMS in 2024, working towards being a compliant service provider under the EU’s Digital Operational Resilience Act and compliant with the NIS2 Directive.
