SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Bazaarvoice achieves ISO/IEC 27001 security certification
Tue, 6th Dec 2022

Bazaarvoice, the provider of product reviews and user-generated content (UGC) solutions, has achieved ISO/IEC 27001 certification. 

The International Organization for Standardization (ISO) is an independent, non-governmental, international body that develops standards to ensure the quality, safety, and efficiency of products, services, and systems. With 24,375 standards and 167 countries represented, it is a hallmark of excellence and innovation for those who carry its certification.

ISO 27001 is an Information Security Management System (ISMS) standard. An ISMS is a framework of policies, standards, and procedures that includes all controls needed to ensure, manage, and continuously improve information security within an organization.

“The process to become ISO 27001 certified is a complex, multi-year undertaking that requires a high degree of operational maturity, and which only the most sophisticated organizations can achieve,” says Lance Wright, Bazaarvoice’s Chief Information Security Officer (CISO).

“But it doesn’t stop here. ISO 27001 is based on the concept of continuous improvement and we remain committed to raising the bar when it comes to the security of our systems and data.”

ISO/IEC 27001 is the world’s foremost standard for information security management systems. 

To achieve it, Bazaarvoice had to prove that it had processes and systems resilient to cyber-attacks.

In addition, it had to show a centrally managed framework that secures all information in one place. 

Thirdly, the company needed to offer organization-wide protection against technology-based risks and other threats.

Finally, Bazaarvoice had to demonstrate capabilities to respond to evolving security threats.

“This certification confirms the investment Bazaarvoice has made and will continue to make in its security management system,” says Colin Bodell, CTO at Bazaarvoice. 

“Without it, user-generated content providers’ internal systems cannot be independently assessed as conforming to global industry standards. The ISO/IEC 27001 certification further cements Bazaarvoice’s commitment to security management. This is a must-have certification for any business that provides brands, retailers, and shoppers with trusted user-generated content to help inform sales and purchase decisions.” 

Bazaarvoice's extensive global retail, social, and search syndication network, product-passionate community, and enterprise-level technology provide the tools brands and retailers need to create smarter shopper experiences across the customer journey.

Understanding how to effectively manage vulnerabilities is key to ensuring a well-protected solution. Bazaarvoice consistently checks for vulnerabilities and quickly addresses them in a risk-based approach aligned with well-respected security standards.

The Cloud Security Alliance (CSA) Consensus Assessment Initiative Questionnaire (CAIQ) provides an efficient and transparent way to communicate which security controls are in place for cloud providers. Bazaarvoice uses this framework to respond effectively to client security information requests.

Bazaarvoice engages with independent third parties to perform penetration testing annually. Its security professionals work with pen testing partners to review all findings and develop a plan to remediate them. The company then conducts follow-up testing to ensure the effectiveness of the remediation activities and offers summary reporting to clients upon request.

Bazaarvoice makes sure client data remains available and secure, but it is also well prepared should an incident occur. A comprehensive incident response plan is regularly updated and tested to ensure it operates effectively. It helps the company validate, communicate, and ultimately remediate issues quickly.