Toloka obtains ISO 27001 certification for information security management

Toloka processes huge amounts of data every day, and protecting this data lies at the core of every update we put out. We’re proud to announce that after a series of in-depth audits, the Toloka platform has obtained certification for compliance with ISO 27001:2013, the highest industry standard in information security management.

What is ISO 27001:2013?

ISO/IEC 27001 is an international information security certificate originally introduced in 2005 and then revised in 2013. It’s jointly awarded by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Both are independent, non-governmental organizations based in Switzerland.

Companies that obtain ISO 27001:2013 are compliant with the highest information security management system (ISMS) standards published by ISO and IEC. This confirms that an ISO 27001-certified business (along with its products) follows established best practices to protect client data, manage the security of all assets, and reduce any potential security breaches. This covers several key aspects of data storage and maintenance, both within data centers and in the cloud, including but not limited to:

• legal documents
• financial information
• intellectual property
• personal data
• confidential information entrusted by third parties

Getting the certificate

While the ISMS protocol lists the standards put in place by ISO and IEC, any company wishing to obtain ISO 27001 needs to be audited at length. In the case of Toloka, the auditor was BSI – an internationally recognized London-based standards body and certification company. BSI is accredited by ANAB, a board of the American National Standards Institute (ANSI), which is a member of the International Accreditation Forum (IAF).

To get the green light from BSI, Toloka went through a series of extensive checks that examined all of the company’s internal processes related to data management and information security. These audits will continue on a regular basis in order to renew the certificate periodically — and to ensure compliance with the highest industry standards in the future.

Additional information

To learn more about privacy and information security at Toloka, please visit this page – it outlines Toloka’s commitment to security, explains our legal policies, and provides additional information about our compliances and certificates.