Apr 18 2023
Fountain is excited to announce that we have achieved ISO 27001 certification, one of the most globally recognized information security standards, in addition to successfully completing our annual SOC-2 Type II audit.
This certification is a significant milestone in our journey to establishing ourselves as a leading provider of enterprise software solutions, and it demonstrates our commitment to keeping our customer and stakeholder data safe and secure.
Why ISO 27001?
ISO 27001 is a globally recognized security standard designed by the International Standards Organization (ISO). It can be applied to companies of all sizes and industries. The standard mandates companies to maintain the confidentiality, integrity, and availability of information by adopting a risk management strategy and ensuring that information security is integrated into the design of processes, information systems, and controls. ISO 27001 provides assurance to external parties that a company is keeping customer data safe, complying with strict security laws and regulations, and prioritizing security in its operations.
The value of ISO 27001 certification for our customers
Building trust
At Fountain, we are committed to building customer trust. Receiving third-party attestations like SOC-2 Type II and ISO 27001 demonstrates to customers and prospects the maturity of Fountain’s information security program. The ISO 27001 is one of the gold standards in security certifications.
Data security
By obtaining ISO 27001 certification, Fountain joins the ranks of other industry leaders who have recognized the importance of information security and have taken proactive measures to protect organizational assets.
Fountain’s successful completion of the audit demonstrates the effectiveness of our ISMS and a commitment to continuously improving our security practices. The certification serves as an assurance that stakeholder data is secure and protected.
Meeting security requirements
As an ISO 27001 certified organization, we can meet the security requirements of our customers and partners, who often require ISO 27001 certification as one of the prerequisites for doing business.
Overall, achieving ISO 27001 certification is a significant achievement for Fountain, and we’re proud of our hard work and dedication in achieving it.
Fountains Trust Center: Request security documents
To request Fountain’s compliance documents, visit the Fountain Trust Center or send a message to [email protected].
The Fountain Trust Center allows stakeholders to request our security documentation and shows the dynamic, almost real-time monitoring of Fountain’s security controls.
Our ISO 27001 journey
This year, Fountain completed the ISO 27001 certification, in addition to maintaining and completing our SOC-2 Type II with no exceptions. These achievements allow us to up-level and increase our list of security certifications and positions us as a competitive leader in data safety and security.
We began our compliance journey and achieved SOC-2 Type II on the Security Trust Service Principle in 2020, and maintained annual SOC-2 attestation on the Security Principle. In 2022, the Trust Service Principles were extended to include Confidentiality and Availability.
Preparing for the certification
Building on the SOC-2 controls, additional controls per ISO 27001 standards were designed and operationalized to ensure the security of data.
The audit
The certification process was rigorous and involved a comprehensive assessment of Fountain’s information security policies, procedures, and controls. A certification body evaluated Fountain’s compliance with the ISO 27001 standard, and thoroughly scrutinized every aspect of our security management system, from policies and procedures to access controls, and from security awareness training and security monitoring capabilities.
The certification process included an Internal Audit, a Stage 1 audit, and a Stage 2 audit to validate the efficacy and implementation of Fountain’s policies and controls per the ISO standard.
Overall, the entire process from preparation to certification took nine months, from June 2022 to April 2023.
Post-audit: Maintenance of certifications
ISO 27001 requires consistent maintenance and audits. During a three-year certification period, a certification body will perform a surveillance audit during year two and year three to validate Fountain is still operating the required ISO 27001 controls as designed.
Continued compliance
During the audit, Fountain showed no nonconformities with ISO 27001. This indicates that our tooling and processes enable us to continuously test, monitor controls, and detect any failures.
To maintain compliance with ISO 27001 and SOC-2, Fountain will continue to invest in tooling and processes that monitor and test our security posture and controls. It is also important to keep the ISMS plan up to date and onboard any new products within the new scope, to prepare for the annual risk assessment and internal audit.
