Customers have even more reason to trust Kinsta now that its information security management practices have been recognized as meeting the most demanding international standards.
Kinsta has achieved ISO 27001, 27017, and 27018 certifications — designations that reflect adherence to best practices in information security, with additional emphasis on controls safeguarding data in cloud computing environments.
Erik Van Dijk, Kinsta’s Head of IT, said the certifications recognize the company’s ability to meet “the gold standard” for security compliance set by the International Standards Organization (ISO).
Organizations that meet ISO standards are committed to preserving the confidentiality, integrity, and availability of information through recognized risk management processes. This fosters the confidence that Kinsta aims to share with its customers.
Van Dijk pointed out that the certifications came one year after an extensive audit determined that Kinsta met the Security criterion of the System and Organization Controls (SOC 2) compliance framework developed by the American Institute of Certified Public Accountants (AICPA).
While working toward the ISO certifications, he said, Kinsta also logged another year of monitoring under SOC 2 and expanded the trust services with which it is compliant — adding Availability and Confidentiality to the original Security criterion.
Van Dijk noted that the initial SOC 2 designation was based on a three-month audit window in 2023. Compliance is now monitored continuously throughout the year.
Meanwhile, Kinsta made its first appearance in the Cloud Security Alliance’s Security, Trust, Assurance, and Risk (STAR) Registry, achieving the CSA STAR Level 1.
A closer look at the new ISO 27001 certifications
Officially known as ISO/IEC standards (because the International Electrotechnical Commission is a joint publisher of the framework), those achieved so far by Kinsta are:
- ISO/IEC 27001:2022 — The overarching standard for information security management systems. Organizations that meet the ISO 27001 standards have robust methodologies for business, people, and IT processes, along with an established framework to identify, manage, and reduce risks surrounding information security.
- ISO/IEC 27017:2015 — This standard extends ISO 27001 by prescribing security controls and implementation guidance for cloud computing environments.
- ISO/IEC 27018:2019 — Another extension to ISO 27001 that focuses specifically on protecting personally identifiable information in cloud environments.
Kinsta’s Van Dijk said the process of working toward ISO 27001 certification harnessed staff resources across the company and included external partners.
Shortly after achieving SOC 2 compliance, Kinsta started the ISO certification project and turned to cloud security company Rhymetec for an internal audit that helped define the work ahead. Vanta, a company that assisted with SOC 2 compliance, was called on to help create policies and collect evidence. Finally, BARR Advisory conducted an independent audit verifying Kinsta’s certification eligibility.
“There were a ton of moving parts along the way,” said Van Dijk, “(but) we consistently received praise from our auditors on how organized and prepared we were.”
Visit Kinsta’s Trust Center for information on the company’s ongoing compliance efforts.
Secure from the ground up
At Kinsta, we’re dedicated to protecting customer websites and their data. Our ISO-certified information security procedures reflect our investment in earning customer trust. That investment is also evident in the free tools we provide to safeguard websites, including firewalling, DDoS protection, and wildcard SSL.
Not already a customer? Get started with our secure environment by finding the best web hosting plan for your business.