Safety and security

4human and our approach to information security and privacy

4human wants to have a systematic and continuous approach to information security and privacy. We have therefore chosen to certify ourselves according to the most well-known information security standard, ISO 27001. In addition, we have certified ourselves according to ISO 27018, which is the standard for personal data in cloud services, and ISO 27701, which has become known as the GDPR standard.

By adhering to reputable standards that our stakeholders also know, we use certification to ensure that all of them have insight into how we think about information security and privacy.

ISO 27001 is a standard that sets requirements for how to establish, implement, maintain and continuously improve an information security management system. ISO 27001 is a risk- and opportunity-based standard, which means that we implement measures where we find that we have a risk associated with a value, threat or vulnerability in our organization or in one of our systems. The standard lists a large number of measures that tell us how we should handle the risks. After the measures have been implemented, we evaluate whether they have had the desired effect on the risks, and if not, we adjust them. In other words, we have a continuous improvement process.

ISO 27018 is an additional standard to ISO 27001, with security measures specifically aimed at cloud service providers that process personal data, and that is precisely what 4human has as its core business.

ISO 27701 is a standard with security measures that address all processing of personal data, regardless of whether the processing takes place in the cloud or locally, and regardless of whether it is 4human or our customers who own the personal data.

Choosing certification is a strategic decision for 4human, and with a certification we demonstrate to the outside world that we take information security and privacy seriously.