At Axur, information security is an essential part of our DNA. As a cybersecurity company, we understand that our customers seek assurances that we follow the best practices in data protection and operational resilience. Often, we receive requests for our business continuity plan, penetration test reports, and other internal documentation. However, directly sharing these documents is neither feasible nor recommended.
Why don’t we share internal documents?
Confidentiality and Operational Risk
Documents such as penetration test reports, business continuity plans, and other materials contain sensitive information about our infrastructure, processes, and potential areas for improvement. If disclosed, they could be used by malicious actors to exploit vulnerabilities, jeopardizing not only Axur but also all our customers.
Scalability and Fairness
We serve hundreds of customers globally. Sharing confidential documentation with each of them would be unfeasible and could create inconsistencies regarding which information was shared with whom. This could result in regulatory risks, governance issues, and challenges in managing sensitive information.
Industry Standard – ISO 27001 Certification
Instead of sharing isolated documents, we adopt a more robust and widely recognized model: ISO 27001 certification. This international certification is granted only to companies that demonstrate compliance with the highest standards of information security.
How does ISO 27001 ensure Axur’s security?
ISO 27001 is a global standard that establishes requirements for an Information Security Management System (ISMS). To obtain and maintain this certification, Axur undergoes:
Annual external audits conducted by independent and qualified bodies.
Regular internal audits to ensure continuous improvement and adherence to best practices.
Rigorous risk assessments, compliance evaluations, security policies, and incident response plans.
Access control and protection of sensitive data in line with international best practices.
The Compliance Chapter in ISO 27001
ISO 27001 includes a dedicated chapter on Compliance, which specifically addresses the company’s adherence to all applicable laws and regulations. The organization must map all regulations and laws it must comply with in the jurisdictions where it operates. This chapter ensures that Axur complies with standards such as:
LGPD (Brazil’s General Data Protection Law)
GDPR (General Data Protection Regulation of the European Union)
CCPA (California Consumer Privacy Act)
HIPAA (Health Insurance Portability and Accountability Act)
As part of the certification, auditors assess whether the company is meeting all necessary regulatory requirements, ensuring that our approach to information security and data protection is always aligned with best practices and legal demands. This way, our customers can trust that Axur operates in compliance with international standards and is committed to regulatory compliance.
Axur’s valid certificate can be found at: https://axur.to/iso27001-certificate
This certification ensures that Axur’s security is continuously monitored and evaluated, providing a more reliable seal of trust than a one-time document, which can quickly become outdated.
Conclusion
Transparency and security are fundamental to Axur, which is why we follow globally recognized standards. ISO 27001 certification is a robust guarantee that our processes are regularly audited, making the distribution of sensitive internal documents unnecessary. By doing so, we ensure a secure environment for all our customers and partners, reinforcing our commitment to digital security.