We take data seriously, and if you want to know more about our company, the promise we make to our customers and their data, and the scope of our IT security policy, read on.
ISO is an international information security management standard. It’s recognized internationally, and the same certification is granted in all countries. This means it’s not just relevant in the United States (like the California Consumer Privacy Act [CCPA]) or Europe (like the General Data Protection Regulation [GDPR])
The short answer: it’s a quality stamp that we handle data in a secure way.
We applied to get ISO27001:2013 back in 2019 certified for two reasons:
1.Playable is a company that operates within the European Union, and therefore we are GDPR (General Data Processing Regulation) compliant. Undergoing the ISO certification gave us the chance to strengthen our GDPR alignment.
2.As we began having discussions with enterprise clients, we saw the need for us to show that we have processes in place to handle data securely.
Since we received the first certification, we still strive each year to improve our security process. At our latest ISO review we raised our maturity to level 4 out of 5.
To put it succinctly, it means that the data we handle is secure. That means our customers and our customers’ customers can be sure that we know what to do in a situation in which data has been compromised.
To expand on this, it also means that all significant IT assets, i.e. systems, data, computers, communication equipment, IT sites, etc. have a security rating, are registered, and can be traced to an owner. It also means that access is given on a need-to-have basis.
Knowing that insanely high engagement and retention are possible by gamifying marketing campaigns, we predict that gamification will be the launchpad of marketing initiatives in the future.
An ISAE 3000 report regarding GDPR is an international standard which aims to provide assurance on an organization’s compliance with GDPR requirements.The report follows the principles and procedures outlined in ISAE 3000 to assess the effectiveness of the organization’s controls related to data protection and privacy.
Key elements of an ISAE 3000 report:
Overall, the ISAE 3000 provides stakeholders with a reliable and independent assessment of an organization’s compliance with GDPR requirements, offering assurance and confidence in the organization’s data protection and privacy practices and assures our customers that their data is handled according to international standards.
View Playable’s ISAE 3000 report for 2023 here.