Keeping Your Data Safe At Home and Abroad: Okta Achieves ISO 27018

Imagine your typical weeknight: you come home for dinner, and maybe you check the mail, which is filled with unsolicited offers for new credit cards. While waiting for dinner to cook, you clear out the emails in your spam folder. And when you finally sit down to dinner with your family, the phone rings — surprise, surprise, it’s a telemarketer. The sale of personal data is a growing concern for U.S. businesses and consumers alike. As technology continues to outpace policy, individuals and organisations are left vulnerable to data sales from companies and cybercriminals.

While many companies are capitalising on the current flexibility of the rules surrounding the sale of data, here at Okta we’re actively seeking compliance certifications to ensure our customers’ data is secure from both scammers and data marketing firms. To demonstrate our commitment to data protection, Okta has obtained ISO 27018 certification.

ISO 27018:2014 is a standard for protecting personally identifiable information in the cloud set forth by the International Standard Organisation (ISO). In conjunction with our ISO 27001 certification, ISO 27018:2014 is unique to cloud companies handling private customer data. It includes parameters for how we manage data across the entire production environment, how we develop and release code, and how we respond to incidents and recovery in the event of a breach or glitches in a data centre. As the emerging global standard for cloud data privacy, only a few organisations including Microsoft and Google have obtained ISO 27018:2014.

Security is of the utmost importance to our customers — who, whether they’re sharing data abroad or servicing international customers, are functioning as global companies — which is why we made it a priority to achieve international data compliance. By voluntarily raising our standards and seeking additional accreditations, we’re making it easier and safer for our customers to expand abroad and/or work with international companies without worrying about their data. Additionally, many of the data protections enforced by the ISO are not mandatory in the U.S. but that hasn’t stopped us from imposing these standards on ourselves everywhere we’re doing business. Our data policies represent the strictest of regulations in the U.S. and abroad, and are applied unilaterally.

We want to ensure your personally identifiable information is managed privately and securely. We’ll continue pushing the envelope to make sure you’re protected in any environment. Our bottom line is keeping your data safe, and family dinner uninterrupted.