Varnish Software is committed to meeting legal, customer and partner requirements through continual improvement and control of Varnish Software's solutions, products, support, services and business processes.
Varnish Software ISO 27001 Certification
Varnish Software has been ISO 27001 certified since April 2023, with an established ISMS (Information Security Management System). The certification covers its offices in Oslo, Norway; Karlstad, Sweden; Stockholm, Sweden; and Tokyo, Japan. The ISMS is an integral part of the organization's processes and overall management structure, with the aim of systematically managing and reducing information security risks. The management system covers, among other things, changes to the information environment, information handling, supplier management and the HR process, so that the confidentiality, integrity and availability of information are maintained in a suitable manner.
The ISO 27001 Standard
ISO 27001 is the international standard for a risk-based information security management system. An organization that follows it must identify which information security risks apply to it and select the appropriate controls to treat them. The mandatory clauses of the standard (clauses 4 to 10) are:
Context of the organization. The intended scope of the ISMS within the organization.
Leadership. Management's commitment to maintaining an effective management system as well as information security policy and the formal establishment of security-related roles and responsibilities.
Planning. Activities such as risk assessment, risk treatment planning and setting information security objectives.
Support. Provide the necessary resources, training, and communication regarding security.
Operation. Carry out risk assessments and risk treatment.
Performance evaluation. Security monitoring, internal audit and management review.
Improvement. Seize opportunities to make security processes and controls better over time.
The Compliance Function Within Varnish Software
Compliance is an important part of the Varnish Software organization. Its main tasks are ensuring compliance with laws and company policies, supporting the rest of the organization and driving awareness. Varnish Software's compliance agenda is led by the compliance officer, whose responsibilities have both an internal and an external focus and include:
Identifying the relevant risks Varnish Software faces and ensuring that operations are in line with regulatory requirements
Designing and implementing compliance programs, and resolving compliance issues as they arise
Reviewing and commenting on policies and procedures
Acting as an advisor and providing input to senior management
Driving training and awareness initiatives
Driving improvements in line with the ISO 27001 standard
Serving as the official channel of communication with regulators
Reviewing documents to be submitted to regulators
Clarifying laws and guidelines with regulators
Reviewing and approving customer compliance-related agreements
Varnish Software Compliance Lines of Defense
Varnish Software directs and leads its compliance work based on the three lines of defense. The ambition is to constantly strengthen, develop and improve each line to ensure compliance with laws, regulations and customer requirements.
First Line: Varnish Software's first line of defense is its employees, who develop, design, support and sell our products. Their obligation is to report any incident, event, risk or nonconformity related to Varnish Software products, operations and customers.
Second Line: Varnish Software's second line of defense is the risk-related functions (the IT and information security functions at Varnish Software). Their obligation is to treat and mitigate any incident, event, risk or nonconformity related to Varnish Software products, operations and customers.
Third Line: Varnish Software’s third line of defense is the compliance function. This is made up of external and internal auditors who independently evaluate compliance risks and controls.
They are also responsible for reporting to the management team. Varnish Software ensures compliance with laws, regulations and customer requirements primarily through the following activities:
Internal Audit Program (ISO 27001), performed annually
External Audit Program (ISO 27001), performed annually
Statutory financial audit program, including the ISA 315 assessment of IT controls relevant to financial reporting
Risk management procedure and reporting
Incident management procedure and reporting
Improvement management procedure and reporting
Varnish Software encourages its employees and partners to continuously consider, assess and evaluate any compliance risks related to Varnish Software services and operations, and to report risks according to established procedures. Varnish Software supports a compliance culture where:
All employees understand the compliance risks relevant for their respective role.
All employees, managers and members of the management feel empowered to take active steps to ensure Varnish Software remains compliant with applicable laws, rules and regulations.
Compliance role models are highlighted and ethical behavior is rewarded.
A willingness to report incidents or risks related to compliance is encouraged.
Information Security at Varnish Software
Varnish Software uses the Annex A security controls of the ISO 27001 standard as a baseline for providing secure services to our customers.
The Varnish Software Information Security Management System (ISMS), with its policies, processes, procedures and guidelines, describes how information security work shall be conducted. The ISMS follows an iterative cycle of phases: plan, implement, monitor and improve. Varnish Software's CEO is the ultimate owner of, and responsible for, information security within Varnish Software. The compliance officer is responsible for the ISMS and its associated activities and reports to the COO.
Information security work within the framework of the ISMS is driven by operational risk, security risk and regulatory requirements. Risk management identifies risks to privacy and traceability, and risks of loss of confidentiality, integrity or availability of information within the scope of the ISMS.
ISMS planning is based on the business purpose of information security and is implemented top down, with the business context as the foundation. Varnish Software ensures that the ISMS can achieve its intended outcome, prevent or reduce undesired effects and enable continual improvement.
Governance and operational activities are monitored to verify status and progress against the ISO 27001 requirements.
Connect with Our Team
We’re happy to help with any questions you may have about our compliance processes, software, support or anything else Varnish related.