Mandalay’s ISO 27001 Certification in Information Security Management 


Here at Mandalay, we invest in our people, processes, and technology to ensure customer data is appropriately protected, and our ISO 27001 certification in information security management is an important part of this.

With ISO 27001 certification in information security management, Mandalay has a framework (Information Security Management System) in place that allows us to operate, monitor, review and continually improve our information risk management processes and systems.  

A huge amount of work is undertaken behind the scenes to ensure that our systems, policies and procedures all meet the necessary requirements of this certification. This work is ongoing because being ISO certified also represents a commitment to continually review and improve those systems, policies and procedures we have in place to ensure all digital data and information is kept secure.  


What is an ISO 27001 certification? 

ISO 27001 is a certification in information security and risk management. It covers customers' information, employee information and any other digital information, the risks associated with it, and keeping it secure. This data and information is kept secure by identifying what the risks are and understanding how best to address them.


Why does Mandalay have this certification? 

We know how important it is for your organisation to know that your valuable digital information and data are in safe hands. That’s why a lot of time, money and effort has gone into this certification to ensure that you, our customers, trust us to keep your valuable data and information secure.

Mandalay started out as a small business, but over the years we have matured as an organisation, and ISO certification is a milestone of that maturity. Having this certification is about mitigating and controlling security risks as an organisation so that you, our customers, have complete confidence in working with us.

Not many organisations hold a certification like this due to the cost, time and resources required for it, which is why we are proud to have this ISO certification in place to help us stand out amongst our competitors. Everyone in our organisation is required to follow, work through and honour the policies within this certification. Our compliance team regularly reviews documentation and regulations and stays up to date to ensure we are always up to standard, so that we meet and exceed your expectations in the information security space.

Trust is very important. We understand that our software is a key part of your business and with this certification, you can trust that we are doing the best possible job at ensuring the integrity of your systems and data. But you don’t have to take our word for it. Having ISO certification allows us to provide an external indicator that shows that we are doing the right thing by our customers and that your organisation is in good hands with us.


How do we maintain our ISO 27001 certification? 

How we deal with information security in our business is broken down into two parts: Scope and Management Systems. Scope includes determining what regulations apply to our organisation, what our objectives are, what we are trying to achieve and how these things apply to our business. Management Systems is how we tailor our information security system to meet that scope. This includes controls, meetings, reviews and audits.

We have worked hard to build up the controls in our management systems and these controls enable us to reduce our risk around security. We also have internal and external audits conducted regularly to ensure we are doing things correctly and are always up to standard.  


Visit the ISO website for more information about this certification:  ISO 27001