ISO Certification

Your information is safe in our hands

External ISO 27001 certification shows that Course Merchant has systems in place to protect not only our information, but information we manage on our customers’ behalf. ISO27017 builds on the foundations of ISO27001 demonstrating that Course Merchant can be trusted to manage your crucial sales website.

We are ISO 27001: 2013 and 27017: 2015 certified

ISO 27001 LogoISO 27017 Logo

We are ISO 27001: 2013 and 27017: 2015 certified

ISO 27001 LogoISO 27017 Logo

ISO 27001

We are certified to ISO 27001: 2013 Information Security Management, with additional ISO 27017 accreditation demonstrating best practices in the provision of cloud services. 

Through ISO 27001 we have developed and maintain best practices for protecting our customers’ data from cyber-attack, hacks, theft and data leaks. Our ISO 27001 Information Security Framework, audited annually by external Quality Management specialists, includes the following information security controls:

Annex A.5: Information security policies
Annex A.6: Organisation of information security
Annex A.7: Human resource security
Annex A.8: Asset management
Annex A.9: Asset control
Annex A.10: Cryptography
Annex A.11: Physical and environmental security
Annex A.12: Operations security
Annex A.13: Communications security
Annex A.14: System acquisition, development and maintenance
Annex A.15: Supplier relationships
Annex A.16: Information security incident management
Annex A.17: Information security aspects of business continuity management
Annex A.18: Compliance

ISO 27017

ISO 27017 extends ISO 27001 into the cloud. We work with our customers via industry-standard protocols to agree on responsibilities, data ownership, access control and infrastructure maintenance before embarking on a project. This ensures a clear and productive relationship between us and our customers which minimises misunderstandings and provides assurance and trust in cloud computing security. 

Security controls added to ISO 27001 by ISO 27017 include:

6.3.1 Shared roles and responsibilities within a cloud computing environment
8.1.5 Removal of cloud service customer assets
9.5.1 Segregation in virtual computing environments
9.5.2 Virtual machine hardening
12.1.5 Administrator’s operational security
12.4.5 Monitoring of cloud services
13.1.4 Alignment of security management for virtual and physical networks

Book a webinar to find out more

Book a webinar to find out more

We're happy to offer focused webinars specific to your requirements.

Course Merchant Logo

© Connected Shopping Ltd.


Privacy Policy