{"id":60259,"date":"2021-09-07T18:53:37","date_gmt":"2021-09-07T13:23:37","guid":{"rendered":"https:\/\/vwo.com\/blog\/?p=60259"},"modified":"2025-11-13T15:50:05","modified_gmt":"2025-11-13T10:20:05","slug":"iso-277012019-vwos-commitment-towards-data-protection-and-security","status":"publish","type":"post","link":"https:\/\/vwo.com\/blog\/iso-277012019-vwos-commitment-towards-data-protection-and-security\/","title":{"rendered":"ISO 27701:2019\u2014VWO\u2019s Commitment Towards Data Protection and Security"},"content":{"rendered":"\n
\"Feature<\/figure>\n\n\n\n

With progressing technology, cyber-attacks are evolving by the hour. With more than 89% of businesses using software as a service (SaaS) as their cloud computing model, security is the biggest and one of the most concerning challenges<\/a> for online businesses.<\/p>\n\n\n\n

Download Free: A\/B Testing Guide<\/span><\/a><\/em><\/h2>\n\n\n\n

SaaS has been there for a while. Yes, subscription-based services like Netflix and Amazon\u2019s video streaming vertical Prime are SaaS too, and so are your email services like Gmail and Yahoo. Given its versatility and agility to cater to a large variety of customers, SaaS is a hot-selling model that businesses are adopting to scale globally. But it\u2019s equally challenging for businesses to protect colossal customer data from the prevailing and ever-evolving cyber attacks. If any potential vulnerability is neglected, this data could prove devastating for businesses as customers trust their data with companies and have little control over it. <\/p>\n\n\n\n

To combat such attacks, SaaS businesses need to stay at par with the international cybersecurity standards for robust gatekeeping in their security and compliance endeavours to protect customer data and privacy. In this blog post, we have discussed the security measures VWO<\/a> follows to stay updated with the dynamic security landscapes, ensuring a seamless and secure customer experience.<\/p>\n\n\n

Is VWO GDPR compliant?<\/h2>\n\n\n

VWO is not only GDPR compliant but also certified to meet a broader set of international and industry-specific compliance standards<\/a>, including ISO 27001, ISO 27701, SOC 2 Type II, and PCI-DSS, and is also compliant with various other global data protection laws such as HIPAA, CCPA, PIPEDA, etc.<\/p>\n\n\n

What is the ISO\/IEC standard?<\/h2>\n\n\n

ISO\/IEC 27701:2019<\/a> (ISO 27701) is internationally recognized and built as an extension of the widely-used ISO\/IEC 27001 and ISO\/IEC 27002 standards for information security management. VWO follows the global privacy standard that focuses on collecting and processing personally identifiable information (PII), including passwords, card information, phone number, social security numbers, etc. VWO anonymizes such sensitive data of users before storing them on its servers. This standard focuses on three main factors:<\/p>\n\n\n\n

    \n
  1. Providing a framework for implementing, maintaining, and continuously improving a Privacy Information Management System (PIMS).<\/li>\n<\/ol>\n\n\n\n
      \n
    1. Includes requirements and guidance for organizations acting as PII controllers and PII processors, a key distinction from General Data Protection Regulation<\/a> (GDPR) compliance, and other privacy laws.<\/li>\n<\/ol>\n\n\n\n
        \n
      1. Providing confidence to stakeholders and customers that organizations are maintaining the highest standards in managing privacy risks related to PII.<\/li>\n<\/ol>\n\n\n
        \n
        \"Iso\/Iec<\/figure>\n<\/div>\n\n

        How is it important for VWO?<\/h2>\n\n\n

        Being a SaaS organization, VWO handles client data such as personal details, card numbers, visitor profiles, etc., with utmost responsibility and care. To mitigate the risk of any data breaches, VWO anonymizes the data at the point of collection at DACDN nodes, which can never be re-identified once anonymized.<\/p>\n\n\n\n

        In addition, VWO helps customers minimize their data protection compliance burden right from the point of data collection.<\/p>\n\n\n\n

        \n

        “Data minimization (ensuring that data collection and retention is restricted to only those categories of data that are absolutely necessary for a specific purpose) is a fundamental <\/em>privacy principle<\/em><\/a> that should form part of any sound information security and data privacy strategy. If you don\u2019t need it, don\u2019t collect it.” <\/em><\/p>\n~Maheshnarayan Sarasan, Data Protection Officer, Wingify<\/em><\/cite><\/blockquote>\n\n\n\n

        In pursuing compliance with the international standards for security and privacy, VWO has received an accredited ISO\/IEC 27701:2019 certification<\/a> as PII processor and controller after undergoing an audit by an independent third party.<\/p>\n\n\n\n

        This universal framework allows VWO to efficiently comply with new regulatory requirements and keep their customers’ information secure.<\/p>\n\n\n\n

        Download Free: A\/B Testing Guide<\/span><\/a><\/em><\/h2>\n\n\n

        How does VWO protect customer data from cyber-attacks?<\/h2>\n\n\n

        VWO is committed to ensuring security of customer data<\/a> by following robust internal data security and privacy practices: <\/p>\n\n\n\n