Security has been a key concern here since the earliest days of Brandwatch.
We have had our work verified internally and by many customers across the years, but a recurring question was whether we had ISO27001 accreditation.
ISO27001:2013 is an international security benchmark for ‘information security management systems’.
Without going into the gory details, it covers how you ensure that your security policies are complete, and how you ensure your security policies evolve in response to new developments and new threats.
Its value is twofold, giving organizations like Brandwatch a framework we can use to verify that our security coverage is extensive and detailed enough, and also providing a framework for external assessment – with audits covering not just the quality of our security policies, but also how these policies strengthen over time.
We are already using ISO27001 accredited data centres for the Brandwatch applications, but security is about far more than the physical housing of the machines we run on (not to discount the value of a good data centre, and we have two).
Making changes
So, for the past seven months we’ve been adapting our years of experience here to align with the ISO27001 standard.
The process, like so much of what we do here at Brandwatch, was implemented in-house, so that we can ensure we do it in a correct and enduring fashion but without blocking our ability to innovate our products and platform.
We chose the BSI Group to run the audits, partly because they are an organization we know we can trust, but also because we knew that they would set the bar high.
We were audited by two separate auditors across a period of three months, covering all aspects of how we operate and run our platform, from the development lifecycle to staff training to network operation and on and on.
And, as of a few weeks ago, Brandwatch is ISO27001:2013 certified, and our clients now have an external verification of all the work we have done to secure their data.
Proud as we are of that fact, for security there is no silver bullet, just vigilance. We will still be patching SSL libraries and reminding staff not to open dubious emails for years to come, but now with the extra mechanisms and external surveillance audits to make sure our standards stay high.
Password security
Reflecting our proactive approach and responsiveness to the evolving requirements of our current and new customers, in Q1 we made improvements to password security in the platform by providing clients with automatic and periodic expiration of passwords and preventing the re-use of old passwords when current ones expire.
We’ll continue to improve password management and further enhancements are to follow.
Passwords can be lost or stolen, and in these situations ‘two-factor authentication’ (2FA) can be used to help maintain security of information.
In Q4 last year we selectively introduced 2FA, employing a password and a mobile phone app to verify accounts. Later this year we’ll provide all users with a secret question they can answer to protect their password, and future plans include providing 2FA using a mobile app or SMS for the Administrator role.
If you’re a client of Brandwatch and would like to discuss enabling automatic password expiration and 2FA on your account, get in touch with your account manager or our support team.
Brandwatch also has plenty of other security features, of course, including an advanced permissions system and SSO for those who need it, and we’re always working on more.