WELL™ Achieves Four ISO Certifications for ISMS and PIMS
WELL™ Health is pleased to announce that it has been accredited with ISO/IEC 27001:2013, ISO/IEC 27017:2015, ISO/IEC 27018:2019, and ISO/IEC 27701:2019 certifications for its Information Security Management System (ISMS) and Privacy Information Management System (PIMS).
The widely recognized International Organization for Standardization (ISO) 27000 standards consist of best practice requirements for securing information assets, managing information security and privacy, and processing personal data. Coalfire ISO, the certification arm of Coalfire, conducted a wide-ranging audit of the security operations, cloud services and environments, and privacy provisions of WELL™. Coalfire ISO is an accredited certification body of management systems registered with both the ANSI National Accreditation Board (ANAB) and the United Kingdom Accreditation Service (UKAS).
According to Will Dunphy, Coalfire’s Senior Manager – Privacy & International Assurance, “Through the establishment and maintenance of a management system aligned to both the ISO 27001 and ISO 27701 standards, WELL has committed to a process that will perpetuate a virtuous cycle of continual improvement within the organization. The dedication and rigor with which WELL operates its management system ensure it will continue to excel as its compliance program grows and evolves.”
The ISO 27001 standard, which is used by more than 60,000 companies worldwide, establishes requirements for forming, implementing, maintaining, and continually improving an ISMS. This standard serves as the foundation upon which the other ISO 27000 standards are built.
The ISO 27701 standard establishes requirements for the formation, implementation, maintenance, and continuous improvement of a PIMS to protect the privacy and processing of personal data. This standard may lay the foundation for future GDPR certifications. WELL has been certified against the ISO 27701 standard as a data processor.
The ISO 27017 standard extends supplementary requirements for the implementation of information security controls for cloud services. The ISO 27018 standard provides further requirements for the protection of personally identifiable information (PII) within cloud environments. WELL is pleased to be certified against the ISO 27018 standard as a cloud provider.
By obtaining certification to these standards, WELL™ has achieved internationally recognized assurance of its commitment to protect the security, integrity, availability, and privacy of its customers’ data. WELL achieved multi-site certification for its headquarters in Santa Barbara, CA, as well as sites in Toronto and London.
The ISO standard certifications join the impressive compliance program of WELL, which continues to maintain an active HITRUST certification and provides HIPAA- and TCPA-compliant solutions.