Napisane przez Carolin Kaulfersch w dniu 27 marca 2026

ISO certification at Eye-Able

News
For us, ISO certification is not a box-ticking exercise. It reflects how we organise and implement quality, information security, and cloud security in our day-to-day work. With our latest certification, we have deliberately expanded and further developed our system.

New ISO certifications 27017 and 27018What exactly has been certified 

We now operate an integrated management system that combines the requirements of four standards: 

  • DIN EN ISO 9001 – Quality management 

  • DIN EN ISO/IEC 27001 – Information security management

  • DIN EN ISO/IEC 27017 – Information security for cloud services

  • DIN EN ISO/IEC 27018 – Protection of personal data in cloud environments 

Rather than managing individual certifications in isolation, we have consciously chosen a unified system. 

As a SaaS provider, it was particularly important for us to embed cloud security structurally – not merely as an add-on to information security. 

Standards 27017 and 27018 provide clarity here: 
They define responsibilities between provider and customer and set out clear guidelines for handling personal data in the cloud. 

How the audit process was carried out 

The certification process took place over several months and was structured in three consecutive phases. BSI Group assessed different aspects in detail: 

  • September 2025: Foundations of the integrated management system – processes, documentation, key roles, and responsibilities

  • December 2025: Infrastructure, operations, and interfaces with our key services and suppliers

  • January–March 2026: Effectiveness in day-to-day operations – do risk management, incident response, and continuous improvement actually work in practice? 

What this means for our customers 

The certification brings tangible benefits for working with our customers and partners: 

Quality, information security, cloud security, and data protection are combined within one system 
Measures are not only documented but externally verified 
Requirements can be aligned based on clearly defined standards 

This makes coordination significantly easier for many organisations – particularly with IT, data protection, and legal teams. 

Especially in regulated industries or the public sector, this reduces effort considerably: 
Many requirements can be addressed directly based on the certifications, rather than being developed from scratch. 

What comes next 

Certification does not mean the work is done. 
What matters now is whether processes, responsibilities, and measures hold up in everyday practice – for example in product development, collaboration with service providers, or incident handling. 

That is exactly what we continue to focus on. 

Digital accessibility decides whether customers can shop at all. Check your website’s accessibility now – and reduce legal risk before it becomes a problem.

Check your website
Filtr

Filtruj według kategorii

Potwierdź swój wybór przyciskiem na końcu listy po wybraniu kategorii.

Zresetuj filtry
Laptop displaying the words "Manual testing" and icons in the background.

Manual accessibility tests: Why you need more than automated testing

Przeczytaj historię

You need more information?

Contact us and we will be happy to help you.

Contact Arrange appointment
A man and a woman look at a monitor and laugh