Onitio achieves ISO 27001 certification: strengthening our commitment to information security
Onitio is officially certified under ISO/IEC 27001, the international standard for information security management systems (ISMS). Our initial certification, awarded in June 2024, marked a key milestone in our commitment to protecting data and upholding high standards across all operations. This latest audit, completed with no deviations reported by DNV, reinforces that we not only meet the standard, but continue to embed it in how we work every day.
What is ISO 27001?
ISO 27001 is a globally recognized benchmark that sets out the requirements for managing information security effectively. It covers how organizations protect assets such as financial data, intellectual property, employee records, and third-party information. The standard requires not only technical controls but also governance, training, and continuous risk management.
Achieving certification demonstrates that we’ve implemented a robust, systematic approach to identifying and mitigating risks related to the information we handle.
A thorough and inclusive process
Reaching this point involved a comprehensive internal review of our policies, controls, and day-to-day practices. The process included multiple internal audits, formal risk assessments, and structured improvements across our technical and organizational controls. Equally important, it requires participation from every part of the company, from senior management to frontline staff, to ensure that security is thoroughly embedded in our culture.
Achieving an audit with no deviations is the result of targeted effort across the organisation and reflects our dedication to protecting the confidentiality, integrity, and availability of information, for the benefit of our customers, partners, and employees.
- Øystein Tveitå, Chief Information Security Officer at Onitio.
What it Means for You
For you, our customers and partners, ISO 27001 certification offers independent assurance that we manage your data responsibly and securely. It confirms that we follow best practices to preserve the confidentiality, integrity, and availability of information. More practically, it means that security is not an afterthought, but part of how we work every day.
Looking Ahead
While the certification is a significant milestone, we don’t treat it as the end goal. ISO 27001 requires ongoing review and improvement, something we see as a benefit, not a burden. Information security is a moving target, and we’re committed to adapting as threats emerge.
We’ll continue to invest in training, update our policies, and evolve our technology. At Onitio, safeguarding information isn’t just a compliance exercise. It’s a shared responsibility, and a core part of how we deliver reliable services in a digital world. And we don’t take that lightly.
test
test
