ISO 27001Certification Roadmap
Our information security management system is designed around first-principle privacy operations. Explore the exact steps we are taking to achieve ISO 27001 certification.
Key Features:
Secure Service
Professional data protection solutions
Implementation Milestones
ISO 27001 is not a checkbox project. We built the ISMS around the same processes that power our takedown operations: auditable requests, minimal data retention, and clearly assigned owners.
Scope & Governance
Completed August 2025
Defined ISMS scope: trade data takedown operations, Buffsend outreach infrastructure, evidence archives
Appointed ISMS steering committee chaired by Ozzy Ocak and security engineering lead Deniz Arslan
Published Statement of Applicability covering 81 Annex A controls
Implemented quarterly management review with documented minutes
Risk Treatment & Control Implementation
In progress — target January 2026
Completed risk assessment aligned with ISO 27005 methodology
Deploying continuous vulnerability management with monthly external scanning
Rolling out supplier security questionnaire for all subprocessors
Finalizing secure software development lifecycle documentation for internal tools
Internal Audit & Certification
Stage 1 April 2026 • Stage 2 June 2026
Engage accredited certification body for Stage 1 audit (April 2026)
Remediate Stage 1 findings within 30 days with client-visible change log
Stage 2 on-site/remote hybrid audit in June 2026
Publish certification statement and surveillance audit calendar
Risk Register Access
Clients can inspect anonymized risk entries, treatment status, and responsible owners.
Policy Change Log
Every ISMS policy update is versioned with author, reviewer, and impact notes.
Annex A Coverage
We share our Statement of Applicability with control narratives and evidence pointers.
Need to Reference Specific Controls?
We provide crosswalks between ISO 27001 Annex A, SOC 2 CC-series, and platform takedown SOPs. Our team can join your security review to map our controls to yours.