ISO 27001:2022 & GDPR (ISAE 3000)

We take data seriously, and if you want to know more about our company, the promise we make to our customers and their data, and the scope of our IT security policy, read on.

What is ISO 27001:2022?

ISO 27001 is an international information security management standard. It is recognized internationally, and the same certification is granted in all countries. This means it is not tied to a single jurisdiction, unlike the California Consumer Privacy Act (CCPA) in the United States or the General Data Protection Regulation (GDPR) in Europe.

The short answer: it’s a quality stamp that we handle data in a secure way.

Why is Playable ISO 27001:2022 certified?

We applied to get ISO 27001:2013 certified back in 2019 for two reasons:

Playable is a company that operates within the European Union and is therefore GDPR (General Data Protection Regulation) compliant. Undergoing the ISO certification gave us the chance to strengthen our GDPR alignment.

As we began having discussions with enterprise clients, we saw the need for us to show that we have processes in place to handle data securely.

Since receiving our first certification, we have continued to improve our security processes every year. At our latest ISO review we raised our maturity level to 4 out of 5.

In 2024 we updated to the ISO 27001:2022 framework.

Our certification process

What it means for customers that Playable is ISO 27001:2022 certified

To put it succinctly, it means that the data we handle is managed securely. Our customers, and our customers' customers, can be sure that we have defined procedures to follow in a situation in which data has been compromised.

To expand on this, it also means that all significant IT assets (systems, data, computers, communication equipment, IT sites, etc.) have a security rating, are registered, and can be traced to an owner. It also means that access is granted on a need-to-know basis.


What is ISAE 3000?

ISAE 3000 is an international assurance standard. An ISAE 3000 report regarding GDPR provides independent assurance on an organization's compliance with GDPR requirements.
The report follows the principles and procedures outlined in ISAE 3000 to assess the effectiveness of the organization's controls related to data protection and privacy.

Key elements of an ISAE 3000 report:

  • Provides a formal assurance opinion on GDPR compliance.
  • Assesses an organization’s compliance with GDPR requirements.
  • Documents procedures, evidence, exceptions, and non-compliance, and evaluates the effectiveness of controls related to data protection and privacy.
  • Helps identify and address gaps or weaknesses in data protection measures.
  • Demonstrates compliance with legal and regulatory requirements.

Overall, an ISAE 3000 report gives stakeholders a reliable and independent assessment of an organization's compliance with GDPR requirements, offering assurance and confidence in the organization's data protection and privacy practices. For our customers, it confirms that their data is handled according to international standards.

View Playable’s ISAE 3000 report for 2023 here.