We are proud to announce that DecisionBrain has achieved certification for ISO/IEC 27017 (cloud-service security controls) and ISO/IEC 27018 (protection of personally identifiable information in public cloud environments). These certifications complement our existing information security framework and reinforce our commitment to security, privacy, and operational resilience in the cloud.
To effectively support our clients in highly regulated industries with their most critical processes, we maintain a robust Information Security Management System (ISMS).
With the successful audit and certification for ISO/IEC 27017 and ISO/IEC 27018, we have strengthened our controls around cloud operations and the handling of personal data in public cloud setups:
- ISO/IEC 27017 provides guidelines and controls specific to cloud service operations, clarifying the shared security responsibility model between cloud providers and clients, and addressing cloud-specific risks such as virtualization, multi-tenancy, or cloud service consumer-provider relationships.
- ISO/IEC 27018 is a standard that provides guidelines for protecting personally identifiable information (PII) in public cloud services. It ensures cloud providers handle personal data in line with key principles like data minimization, encryption, and transparency, while also maintaining alignment with data privacy laws such as GDPR.
These new certifications build on our previous compliance efforts (ISO/IEC 27001), reinforcing our promise to deliver not just optimization power but also trust, compliance, and reliability.
What this means for clients / partners
- Stronger assurance for clients in regulated industries (manufacturing, logistics, maintenance, workforce, government, etc.) that cloud data and PII are managed with high standards.
- Enhanced ability to support clients who are subject to regulatory audits or compliance requirements (data privacy, cloud security, business continuity).
- A competitive differentiator: these certifications demonstrate that DecisionBrain is a partner committed to minimizing data risk, allowing our clients to confidently focus on their core optimization challenges knowing their data is secured according to global standards.
Next steps & continued commitment
We will continuously monitor, audit, and improve our security and privacy processes, ensuring our solutions remain aligned with evolving regulatory requirements and cloud best practices. Expect more updates on security, certifications, and enhancements as we expand into new industries.
To learn more about our certifications, security practices, or compliance documentation, please visit our Security & Compliance page.
