As a merchant, navigating the world of ISO certifications can get pretty overwhelming — after all, there are over 24,000 international standards that govern almost all aspects of technology and manufacturing.
But it’s important that you understand what these certifications mean and how they will impact your business. It’s likely that suppliers and third-party vendors you encounter these days will claim to be certified to some degree or another.
So what does it mean, and why should you care?
Who develops international standards?
The International Organization for Standardization (ISO) is an international non-governmental organisation made up of 166 national standards bodies.
The group develops and publishes a range of industrial, commercial and proprietary standards. These standards are internationally agreed upon and act like a formula for the best practice way of doing things.
What is an ISO certification?
Businesses can get ISO certifications from an independent certification body. This means that an independent body has given its assurance that the applicable products, services or systems meet specific and stringent requirements, laid out by the ISO group.
Manufacturers, software providers, and many more companies use these as a framework to ensure that they are providing a best-practice service in a particular area. It’s almost like a set of instructions that help companies achieve their best.
For example, if a company says they are ISO 9001:2015 certified, it means that they’ve met all the requirements under the 2015 edition of the ISO 9001 quality management standard.
Types of ISO standards
As we mentioned, the ISO has developed over 24,000 standards. They govern almost everything imaginable, from camera shutter speeds to safe manufacturing standards, international standardisation of road signs, and more.
Here at POLi we adhere to ISO 27001, which relates to information security. We’ll talk more about what that means below, but in short it means that:
- For us, we know we’re providing an internationally recognised standard of data protection.
- For you as a POLi merchant, you know that your data and your customers’ data is being kept as safe as possible – to a global benchmark.
More about ISO 27001: Information security
The ISO 27001 standard can be used by any organisation in any industry to manage the security of assets such as financial information, intellectual property, employee details or information entrusted by third parties. In 2020, 66 New Zealand businesses earned an ISO 27001 certificate, almost double the number from the previous year (ISO Survey 2020).
POLi is an example of an ISO 27001 certified company. Our security features are guided by its framework, which means:
- POLi doesn’t collect data such as usernames and passwords.
- All communication to or from our portal uses HTTPS transport-level security, and no sensitive information is stored or cached.
- We perform regular external security vulnerability scans.
- We encourage Australian and New Zealand banks to review the security credentials of the POLi system, to ensure transparency.
Information security is vital in the modern e-commerce age
An increasing number of people are making transactions online. In 2020, there were approximately 53.08 million online shopping transactions in New Zealand, an increase of 17% from 2019 (Statista). With so many online transactions taking place, ISO 27001 is an important standard for any online payments provider to meet.
Customers, partners and stakeholders want to be reassured that the right processes are in place to safeguard information and business assets; certification also signals to stakeholders that there is a clear commitment to information security.
So whether you’re looking into POLi as a service or another app, you’ll know to keep an eye out for ISO 27001.
Learn more: “Is Open Banking safe in NZ?”
How do companies get an ISO certificate?
Any business that wants to get ISO certified must get in touch with its local certification body. There are quite a few providers in the Australia/New Zealand region, which, if you’re interested, you can find here.
Typically, certification bodies will determine the steps a business must take to meet the requirements of a certification audit. Then they will perform the audit and help that company recertify every three years to ensure it remains up to standard and is keeping up with the latest developments.
Because companies go through this process, you can be more certain as a merchant that if a company claims it is certified, it has been certified by a qualified third party. Of course, if you’re ever unsure about a claim you can always ask to see the certificate itself.