Intapp achieves ISO 27001 certification for cloud solution portfolio
Intapp, a global leader in business applications for professional services firms, has achieved ISO/IEC 27001 certification for the information security management system supporting its entire portfolio of cloud solutions. The certification also validates that Intapp has incorporated cloud-specific information security controls defined in ISO/IEC 27017, as well as the data privacy controls defined in ISO/IEC 27018, across the cloud versions of the Intapp Open, Intapp Flow and Intapp Time families of products.
The ISO certification was performed by Schellman & Company LLC, one of the few US firms to be accredited by both the United Kingdom Accreditation Service (UKAS), as well as the ANSI-ASQ National Accreditation Board (ANAB) in the US.
“Attaining ISO 27001 certification together with ISO 27017 and ISO 27018 compliance demonstrates Intapp’s leadership and commitment to security and privacy protection in the cloud,” said Thomas Hadig, Company Security Officer, Intapp. “We understand that high standards of security and data protection are critical for law firms, as well as the accounting, financial and other professional services firms we serve. This certification provides an additional level of confidence for our customers, particularly as they review their own security practices in preparation for client audits and compliance with regulations such as the EU GDPR.”
The Intapp Secure Cloud is designed and built for secure computing from the ground up, exceeding stringent regulatory requirements while preserving customer control over where data is stored and processed, and how it is accessed. Intapp also conducts regular testing for threats and ongoing monitoring for irregularities to help protect both client and firm data. Firms adopting the cloud version of Intapp Open for business intake, conflicts, terms of business, and experience management), Intapp Flow and Intapp Time benefit from enhanced reliability, performance, and the ability to automatically implement software updates and patches as soon as they become available.
The ISO/IEC 27017:2015 code of practice enables both cloud services providers and their customers to manage the confidentiality, integrity and availability of business information and information entrusted to them, by clearly identifying which parties are responsible for managing cloud-specific threats and security risks, and ensuring that the appropriate cloud security controls are in place.
The ISO/IEC 27018:2014 code of practice establishes clear guidelines for safeguarding Personally Identifiable Information (PII) in the cloud, enabling customers to retain control of their data and ensuring that any personal data will not be used without their explicit consent. ISO/IEC 27018 also requires cloud services providers to undergo independent audits on an annual basis.
Intapp’s ISO/IEC 27001:2013 certificate is available via the Intapp Customer Support Community, or upon request from Intapp.