Skip Navigation
Resources Blog Sonatype now ISO 27001 certified

Sonatype now ISO 27001 certified

What is ISO 27001?

A global standard for information security management, it helps make sure only the right people have the right access when they need it. The larger goal is to provide a framework that organizations can follow to manage risk and better protect their employees' and customers' information and reputation.

Why is ISO 27001 important?

These standards put everyone in the industry on even footing and encourage ongoing security focus.

Blogs like ours try to make security sound interesting and exciting, but a lot of good security is made up of carefully considered policies and process. After all, having good systems in place to manage small problems prevents them from becoming damaging failures. This certification demonstrates a mature security program and a commitment to comprehensive secure policy, on both a large and small scale.

Who gets the certification? What's required?

This accreditation is not the exclusive territory of technology companies like ours. Increasingly law firms, healthcare, financial institutions, and other security-aware institutions seek it out to help them compete globally.

In order to prove the standard is being followed, an organization must be audited by an independent accredited third party. Over a year in the works, we sought this to protect ourselves and our customers.

Learn more about the ISO 27001 standard.


Picture of Michael Griffin

Written by Michael Griffin

Michael serves as Sonatype's Vice President, Information Security and brings over 22 years experience building and leading Information Security programs for organizations. Michael is active in professional organizations, such as ISACA and ISSA where he enjoys helping organizations improve their programs and mentoring others.