OChK has successfully completed the audit for its transition to the latest version of the international standard, ISO 27001:2022. This achievement confirms that the organization has fully aligned its integrated information security and business continuity management system with the most recent requirements, demonstrating a high level of maturity in cybersecurity, compliance, and the protection of processed data. At the same time, three other key certifications were also renewed: ISO 22301:2019 for Business Continuity Management, ISO 27017:2015 for Cloud Security Management, and ISO 27018:2019 for Personal data in the cloud.
The new version of the standard, ISO 27001:2022, responds to the rapidly evolving global technology landscape and the increasing complexity of digital threats. While the core focus of the standard—Information Security Management—remains unchanged, the guidelines have been updated to better address current challenges. Security controls have been more clearly structured and grouped into four simplified categories: Organizational, People, Physical, and Technological, making them easier to implement and monitor. In addition, new security measures such as threat intelligence gathering and analysis, data masking, and web content filtering have been introduced to address the unique challenges of widespread remote working, increased cloud adoption, and the heightened need for rapid threat detection and response.
The certification of compliance with the latest version of the ISO standard covers OChK's cloud services in IaaS, PaaS, and SaaS models, as well as its transformation services and cloud migration consulting—both on its own platform and to public clouds. It also includes Security Operations Center (SOC) monitoring services on public cloud platforms. This ensures that OChK delivers its own platform services, as well as transformation and consulting services to hyperscalers’ public clouds, with the highest standards of data confidentiality, integrity, and availability.
“External auditors conducted a thorough, multi-day review of OChK's compliance with the requirements of ISO 27001:2022, with a particular focus on protecting the confidentiality, integrity, and availability of information. The Cybersecurity & Compliance teams demonstrated full readiness to meet these stringent requirements, and OChK's overall security management approach was found to be mature and fully aligned with today's market requirements. This reflects the effective implementation of global best practices in security and business continuity, and confirms that OChK is a responsible, trusted partner in data protection. We handle information proactively, guided by regular risk assessments and well-defined control measures. In addition, as a certified provider of Security Operations Center (SOC) services on a public cloud platform, we guarantee the highest standards of security and actively support our clients in minimizing business risks and ensuring business continuity. This achievement confirms that OChK is a responsible and trustworthy partner, fully prepared to manage critical data with the highest levels of security and resilience,” concludes Alicja Peszke Bieńko, Head of Risk Management & Compliance at OChK.
OChK has also received ISO recertification in 3 other areas: ISO 22301:2019 for Business Continuity Management, which confirms an organization's readiness to respond to business disruptions; ISO 27017:2015 for Cloud Security Management, which provides practical rules for securing information in cloud environments in accordance with ISO/IEC 27002; and ISO 27018:2019 for Personal data in the cloud, which addresses the protection of personal data in public clouds when the provider acts as a data processor. In addition, in June 2024, OChK’s ISO 27001:2013 certification was extended to include Security Operations Center (SOC) security monitoring services in the public cloud. For more information on OChK's current certifications and the standards we put into practice every day, please visit the Security - Certifications subpage.