Rokt is ISO Certified – What this means for you

By Guido Santo

Rokt is ISO/IEC 27001:2013 certified, meeting international standards for information security management, verified by an independent certification body. We are extremely proud of this certification and are committed to continually holding ourselves to the highest standards when it comes to data security, privacy, and compliance. It’s one thing for us to say that we are ISO certified, but what does that mean? And more importantly, what does that mean for you.


Understanding the ISO Certification 

ISO/IEC 27001 is a global information security standard, published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Together they form an independent non-governmental committee, developing and maintaining standards for information and communications technology and related technologies.

The ISO/IEC 27001 standard is a specification for an information security management system (ISMS) and includes people, processes, and IT systems by applying a risk management process.

What is an Information Security Management System (ISMS)?

The ISMS is a security framework that specifies controls related to the management of information security risks to ensure the confidentiality, availability, and integrity of our clients’ and their customers’ information is protected against threats and vulnerabilities. 

Why is the ISO/IEC 27001 certification important to Rokt?

Data is at the core of everything we do at Rokt and we take information security and privacy very seriously.  We hold ourselves to a high standard when it comes to information security and work hard to ensure our systems, technology, and processes meet global standards. ISO/IEC 27001 is an internationally recognized standard and we are proud of our ISO/IEC 27001 certification.

ISO certification is not required, it is 100% voluntary. Rokt felt it was essential to achieve this certification to demonstrate to our clients and their customers that we are 100% committed to protecting data.  

What does this mean for Rokt’s clients and their customers?

We want you to rest assured that becoming ISO certified is not easy. To hold this certification, companies must prove their compliance annually with an independent audit of their information security management system. What this means for you is that you can expect us to meet high standards of information security.

There are many benefits to working with an organization that is certified because it is an indicator of quality and competency — security is just one part of it, this same statement can be applied broadly across certifications of all kinds. For instance, you’re confident about not getting sick when you enter a restaurant which is licensed and adheres to food safety standards. In the same way, you can be confident that Rokt is complying with one of the world’s most recognized standards on information security and all PII and data is protected.

What starts with the benefit of peace-of-mind can translate into improved efficiency that can improve your bottom-line and, in the event of unforeseen incidents, limit impacts to it. In the case of security, those positive impacts can include:

  • High uptime and availability; our platform is always reachable and securely matching customers to relevant offers 
  • Reduction in costs from avoiding unwanted incidents or breaches 
  • Increase in reputation and public relations from keeping the trust of your users

There will be no change or action required for Rokt’s clients and their customers. Rokt’s achievement of the ISO/IEC 27001 certification is a true testament to our high standard security practices. This certification demonstrates our rigorous approach when it comes to data protection and management for all.

What’s next?

To ensure Rokt continues to meet world-class security standards and maintain ISO/IEC 27001 certification, annual surveillance audits are conducted by an accredited certification body.  

Some of our ISO/IEC 27001 compliance efforts include:

  • Establishing rigorous frameworks: Creating a management framework to initiate and control the implementation and operation of information security within Rokt
  • Risk assessments: Reviewing vulnerabilities and cyber threats to manage risks that may impact the confidentiality, integrity or availability of our client’s information on a regular basis
  • Enhanced controls: Preventing unauthorized access to Rokt’s systems and applications
  • Stronger protection: Protecting against malicious cyber attacks and threats to Rokt’s infrastructure
  • Legal and regulatory requirements: Complying with legislation and regulations in all countries in which we operate 
  • Building capabilities: Training our team, monitoring relevant security bulletins, conducting independent reviews of our program and third-party penetration tests
  • Continuous improvements: Reviewing of our policies and processes to continuously improve the effectiveness of our information security program on a regular basis

The protection of client data and their customers’ data is paramount to what we do at Rokt. We’re committed to maintaining our ISO/IEC 27001 certification in future years and will continuously strengthen our ISMS in preparation of the constantly evolving cyber threats.

Do you have any questions about how ISO certification works or how we adhere to it? Are you interested in learning how our secure platform can help generate revenue for your ecommerce business? We’re ready to help. To learn more, request a demo or contact today!