After much hard work behind the scenes, Venly can announce that it has received its official ISO 27001 certification, the world’s best-known standard for information security management systems.
Being so certified “proves that we have consistently implemented rigorous controls,” commented Venly CEO Tim Dierckxsens, “and demonstrates our dedication to maintaining the highest security and compliance standards.”
These standards comprise a systematic approach to managing sensitive information and reducing the risk of security breaches. They provide best practices in:
- Risk assessment and management
- Access control and user management
- Incident management and response
- Business continuity planning
- Compliance with legal and regulatory requirements
- Physical and environmental security
Practices relating to all six of the above areas have been enshrined at Venly in a “set of information security policies, procedures, and controls that everybody in the company has to follow,” explained Compliance Manager Silvana Perona. “It goes through all processes and areas of the company.”
“I see it as a seal of trust [to say] that we care about security. If I’m a customer and I saw a company with this certification, [I would know] ‘This business is committed to taking care of information security.’”
Such diligence is especially important in web3, where organizations routinely handle sensitive personal and financial data. It’s no secret that the industry faces significant threats from cyber-criminals who exploit poorly secured projects for financial gain. The enhanced security posture required by the ISO 27001 certification means customers can trust that Venly is implementing the best possible practices to defend against this threat.
“Every day the compliance team is monitoring almost 600 cybersecurity measures that we have in place,” revealed Perona. “We have created a series of policies and procedures, putting everything we do in words, with all of our risk assessments, as well as the impact on privacy.
“Information security is at the core of what we do.”
The certification also allows Venly to demonstrate the greatest possible commitment to regulatory compliance across the globe, which remains, “from a regulatory point of view, a bit diverse,” according to Perona. “It still has its gray areas.”
Perona, who is in charge of Venly’s ongoing certification, is proud of the work of the compliance team. “It’s quite gratifying to see at the end that we had done a good job. The auditor said that we were one of the best companies they had seen.”
The ISO 27001 certification is only the latest of Venly’s security measures to be implemented. The company already carries out regular penetration testing with Cobalt.io and takes part in Intigriti's bug bounty program to offer rewards to ethical hackers who discover gaps in our security.
External libraries are monitored for vulnerabilities, and tools including SonarCloud, GitHub CodeQL and SecretsScanner are used to analyze our code. Additionally, all of our smart contracts are audited by NonceAudit and LeastAuthority.
Do you have a concern about Venly’s security? You can make a report to our security team here.