Skip to content

Keepit Achieves Enterprise-Wide ISO/IEC 27001 Security Certification

Certification by BSI Group Ensures that Keepit Meets Stringent, International Information Security Standards
Copenhagen, Denmark – May 17, 2022 – , the market leader in cloud backup and recovery, and the world’s only independent, vendor-neutral cloud dedicated to SaaS data protection with a blockchain-verified solution, today announced that the company has earned International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 27001:2013 certification for information security management systems (ISMS). By achieving the certification, Keepit continues to demonstrate its dedication and ability to deliver best-in-class security technology to its customers.

“We are pleased to announce Keepit’s ISO/IEC 27001 certification. This accomplishment, the work for which has been underway for years, conveys how committed we are to implementing the highest level of internal security and compliance, and to satisfying industry-leading standards for security and privacy,” said Keepit Chief Technology Officer, Jakob Østergaard.

“When it comes to backup and recovery, businesses seeking solutions need to be incredibly thorough in their due diligence processes. The ISO/IEC assessment report for Keepit acknowledged that our company already had a tradition of a high level of based on long-term work within our industry and with our partners, and we are pleased that our ISO/IEC certification will further reassure our customers and streamline their due diligence processes. Additionally, we are extremely proud that we met our distinct and ambitious goal of certifying our entire organization, including our entire software development lifecycle and the physical locations of the primary development offices”


A worldwide information security management standard jointly published by the ISO and IEC, the 27001 certification specifies a comprehensive set of best practices and controls — including policies, procedures, and staff training — that structure how businesses should manage risks associated with information security threats. The certification also outlines requirements for developing, operating, maintaining, and continually improving an ISMS. Benefits of Keepit’s 27001 certification include:

  • A systematic, verified approach to information security that results in superior customer data protection;
  • Ongoing performance evaluations and internal audits that ensure Keepit continues to meet the requirements of the ISO/IEC 27001 standard;
  • Continued improvement of business continuity management and disaster recovery plans;
  • Risk, vulnerability, and security incident management practices that enhance overall information technology (IT) operations security;
  • Compliance with current and future legal and regulatory requirements.

To attain ISO/IEC 27001 certification, Keepit engaged in a rigorous, multi-faceted audit conducted by The British Standards Institution (). Comprising a framework that includes 150 controls, the audit evaluated Keepit’s ISMS information security, cybersecurity, and privacy protection processes, and encompassed the entire company, including services and technology, business continuity and operations, disaster recovery, and sales and legal operations. For more information on ISO/IEC 27001, please visit.

About Version 2
Version 2 is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Keepit
At Keepit, we believe in a digital future where all software is delivered as a service. Keepit’s mission is to protect data in the cloud Keepit is a software company specializing in Cloud-to-Cloud data backup and recovery. Deriving from +20 year experience in building best-in-class data protection and hosting services, Keepit is pioneering the way to secure and protect cloud data at scale.

What is ISO 27001 and how can it benefit your business?

The International Organization for Standardization is an internationally known and respected agency that manages and structures standards for various areas, including cybersecurity.

ISO 27001 is a systematic approach to managing confidential company information so that it remains secure. It includes people, processes and IT systems from the application of a risk management process.

But why would companies be willing to go through the ISO 27001 certification process? First, to ensure that your cybersecurity program is secure enough. So the certification process looks for weaknesses and adjusts cybersecurity to work for the company, not against it.

Second, compliance with ISO 27001 facilitates the two most important things for every business – customer and employee trust. Who would choose to buy your service or work for your company if you couldn’t guarantee the security of their private data?

Finally, ISO 27001 certification is a great tool for optimizing your internal workflow, eliminating obsolete processes and driving your business towards continuous improvement. Read on and learn more about the benefits of ISO 27001 compliance for your business.

What is the ISO 27001 standard?

ISO 27001 is actually a set of a dozen standards designed to protect a company’s confidential information assets.

The International Organization for Standardization considers ISO 27001 the leading information security management standard. During the course of this text, you will know the particularities of the requirements related to the Information Security Management System (ISMS) necessary for compliance with the ISO 27001 standard.

The implementation of ISO 27001 should facilitate the security management of sensitive assets. This could be financial data, staff information, intellectual property files, or data about your business partners. Attending the requirements of this standard should enable the company to protect itself against any loss, theft or unauthorized alteration of its confidential data and any associated risks.

Like any standard, ISO 27001 is not mandatory for companies. However, it is particularly useful when it comes to establishing information security controls. Some companies also use it to show their customers and partners how committed they are to cybersecurity.

In detail, the ISO 27001 standard is designed to protect a company’s information systems by preventing cyber risks. In addition the pattern:

  • Specifies the information technology protection measures that can be considered by Information Security teams.
  • Prevents the risk of intrusion and disaster in computer systems.
  • It also disseminates organizational best practices regarding cybersecurity.

All of this is part of the Information Security Management System (ISMS), and applies to information systems and processes as well as to people affected by cybersecurity. This system is a powerful tool for managing risk and anticipating cybersecurity breaches.

Why is ISO 27001 compliance important?

While ISO 27001 compliance is not mandatory for any organization, companies may choose to achieve and maintain ISO 27001 compliance to demonstrate that they have implemented the necessary security controls and processes to protect their systems and the confidential data in their possession. .

Achieving compliance with ISO 27001 is important as a differentiator in the market and as a basis for compliance with other mandatory requirements and standards. An organization that complies with ISO 27001 is likely to be more secure than one without it, and the standard provides a solid framework on which to build many of the security controls required by other regulations.

What are the phases for ISO 27001 compliance?

To get started with ISO 27001 compliance it is essential to understand some of the key concepts of ISO and what they can mean for a company that is looking to implement them.


To be certified by ISO 27001, a company must follow several procedures structured in an Information Security Management System (ISMS):

  • Precisely define the scope of your ISMS.
  • Conduct internal audits on information security risks to better ensure data protection.
  • Estimate the probability and impact of each of these possible events, for example by risk mapping.
  • Design a Risk Treatment Plan based on this mapping.
  • Write the Declaration of Applicability (SoA), a document through which the general management expresses its commitment to the cybersecurity measures described in the Risk Treatment Plan.
  • Convert the Risk Treatment Plan into an action plan, providing performance indicators and regular updates throughout the ISMS lifecycle.

The main objective of the ISO 27001 regulation is to guide organizations in the creation, implementation and application of an ISMS. This ISMS describes the controls, processes and procedures that the company has implemented to ensure the confidentiality, integrity and availability of the data in its possession.


To achieve compliance with ISO 27001, an organization must also document the steps that were taken in the ISMS development process.

Key documentation includes:

  • Scope of the ISMS
  • Information Security Policy
  • Information Security Risk Assessment Process and Plan
  • Information security objectives
  • Evidence of Competence of Persons Working in Information Security
  • Results of the Assessment and Treatment of Information Security Risks
  • Internal Audit Program and Results of Conducted Audits
  • Evidence from ISMS leadership reviews
  • Evidence of Identified Nonconformities and Results of Corrective Actions


ISO 27001 defines a set of audit controls that must be included in a compliant ISMS. These include:

  1. Information Security Policies. This control describes how security policies must be documented and reviewed as part of the ISMS.
  2. Information Security Organization. Role responsibilities are an important part of an ISMS. This control divides security responsibilities across the organization, ensuring there is clear accountability for each task.
  3. Human Resources Security. This control addresses how employees are trained in cybersecurity when starting and ending roles in an organization, including onboarding, termination, and job changes.
  4. Asset Management. Data security is a primary concern of ISO 27001. This control focuses on managing access and security of assets that affect data security, including hardware, software, and databases.
  5. Access control. This control discusses how an organization manages access to data to protect against unauthorized access to sensitive or valuable data.
  6. Cryptography. This is one of the most powerful tools for data protection. Companies should implement data encryption whenever possible using strong cryptographic algorithms.
  7. Physical and Environmental Security. Physical access to systems can undermine digital security controls. This control focuses on securing buildings and equipment within an organization.
  8. Operations Security. Operations security focuses on how the organization processes and manages data. The organization must have visibility and control over the flows of data in its IT environment.
  9. Communications Security. Communication systems used by an organization (email, video conferencing, etc.) must encrypt data in transit and have strong access controls.
  10. Acquisition, Development and Maintenance of Systems. This control focuses on ensuring that new systems introduced into an organization’s environment do not jeopardize the company’s security and that existing systems are maintained in a secure state.
  11. Relationships with Suppliers. Third-party relationships create the potential for supply chain attacks. An ISMS must include controls to track third-party relationships and manage risks.
  12. Information Security Incident Management. The company must have processes in place to detect and manage security incidents.
  13. Information Security Aspects of Data Management Business Continuity. In addition to security incidents, the company must be prepared to manage other events (such as fires, power outages, etc.) that could negatively impact security.
  14. Conformity. As part of ISO 27001 compliance, the organization must be able to demonstrate full compliance with other mandatory regulations to which the organization is subject.

What are the main benefits of reaching ISO 27001?

There are obvious benefits for companies that comply with this standard. This requires actively implementing the necessary measures, processes, and policies for an improved security posture.

This reduces the chance of a company experiencing a data breach and, if it does, ensures that the company is fully prepared with incident response and business continuity plans to minimize damage.

Here are the key benefits of achieving ISO 27001 compliance.

Data Security Enhancement

By implementing the standard, you will understand your own security landscape and the most up-to-date digital defense mechanisms. You’ll learn about data management best practices through an audit of what you’re doing right, but more importantly, what needs improvement.

Threats that put your organization at risk will be assessed and you will learn how to protect your assets through tactics that involve confidentiality, safeguard and authorization procedures.

Improvement of Processes and Strategies

ISO 27001 puts cyber strategy at the forefront of its certification. Qualified auditors seek to address your risks to mitigate security breaches. They map goals and objectives into an actionable approach to defining data security accountability across your team. The certification process will also help you create documentation that can be used as a guide and updated for years to come.

Alignment with Management Systems

The good news is that ISO 27001 aligns with any current ISO management system you may already have in place. Because this standard fits so easily and has many overlapping clauses with other ISOs, it eliminates the need for constant verification and auditing of all your management systems.

Culture of Continuous Improvement

In the ever-evolving world of cybersecurity, this is a weight off your shoulders as you are assured that with the help of ISO 27001, you can always meet new requirements and obligations.

Development of a Quality Brand

Another big advantage of getting ISO 27001 certified is the benefits it does to your reputation. This standard is internationally recognized and externally assured, conveying to the business world that it is a credible and trustworthy organization.

It will automatically increase customer trust by demonstrating your commitment to cybersecurity and compliance with legislation such as GDPR. This will help you win new business, keeping you ahead of other organizations that are not certified, opening you up to new industries and contacts.

Cost Reduction

The ISO 27001 standard also helps in implementing policies to organize and improve business processes. This ends up causing a reduction in costs, as a result of the implementation of a good security and management system.

By having a clear view of strategic management, it is possible to reduce risks considerably. This ends up saving the company the resources that would be spent on corrections.

This directly influences the company’s cash flow, reducing costs with this type of situation, especially considering that the expenses to resolve any data security issue are always very high.

In this way, eliminating the risk of spending on this issue already makes the situation more comfortable for the company. In view of this scenario, it is simple to see why ISO 27001 is so important for companies.

Privileged Access Management as a key to ISO 27001 compliance

ISO 27001 covers a broad scope of information security. The framework includes controls for security policy, asset management, encryption, human resources, environment recovery, and more.

Access control, however, figures prominently in the framework. Specific controls deal with access, but authorization and authentication issues are crucial to almost every aspect of the framework. After all, effective data encryption is impossible if you cannot control who has access to encryption mechanisms.

Altogether, ISO 27001 provides 14 controls, five of which may be related to Privileged Access Management (PAM). Let’s investigate them more closely.

Section A.6 Information Security Organization

It requires a company to provide a transparent and detailed management framework that regulates and enforces cybersecurity programs. The company must be fully aware of what roles, responsibilities and tasks employees can and actually perform.

How can Privileged Access Management (PAM) help? Through the use of access policies and permissions, the software regulates and manages users and their rights and responsibilities. In fact, PAM restricts the ability to perform any unauthorized actions.

Section A.9 Access Controls

The company must regulate and, if necessary, restrict employee access to different types of resources and information.

How can Privileged Access Management (PAM) help? In fact, PAM can control which resources, which time period, and which users access should be granted. It helps to granularly distribute access rights as required by business needs and cybersecurity programs.

Section A.12 Security of Operations

Regulates the processes linked to the flow and storage of information.

How can Privileged Access Management (PAM) help? The solution is capable of tracking any user’s activities, such as attempts to relocate and change company data. It can also log all events, which contributes to faster incident response. In short, these features provide another layer of verification and transparency of data flows.

Section A.15 Supplier Relations

Describes the process of secure interaction between the company and third parties (vendor technical support, contractors, remote workers outside the network).

How can Privileged Access Management (PAM) help? To protect the confidential company data from third parties and prevent unauthorized access, the software can define the list of policies that define with clear permissions of third parties within the company’s information systems. In fact, PAM can also track users’ activities.

Section A.16 Information Security Incident Management

It controls and verifies how the company can act on alert security events and if response workflows are configured effectively.

How can Privileged Access Management (PAM) help? Using the out-of-the-box event recording mechanisms and video and text recordings of sessions, the software provides a quick way to understand the reason for the incident. By acting immediately, the company can mitigate the consequences of the security incident.

In fact, Privileged Access Management can simplify the ISO 27001 certification process because it is a ready-to-use instrument capable of mitigating threats associated with misuse of privileged access and adjusting the internal cybersecurity plan according to the requirements.

senhasegura solution for ISO 27001

The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) standard 27001 is an internationally recognized standard for specifying Information Security Management Systems. Complying with this standard helps any organization to meet its obligations to customers and business partners.

For service providers, from cloud data centers to law firms, being able to operate requires attesting to their responsibility for their customers’ sensitive information. Auditors around the world also rely on the ISO 27001 standard as the basis for evaluating control and verifying compliance to a range of regulations and standards.

A PAM solution protects an organization against accidental or deliberate misuse of privileged access, and should be a critical element of an ISMS. The senhasegura solution tracks privileged users, enabling the implementation of ISO 27001 through a secure, centralized and simplified mechanism to authorize and monitor all privileged users for all relevant systems. In addition, senhasegura:

  • Grants and revokes privileges to users only on systems on which they are authorized.
  • Avoids the need for privileged users to have or need local passwords.
  • Quickly and centrally manage access to a set of heterogeneous systems.
  • Creates an unalterable audit trail for any privileged operation.
  • It is a critical element of the ISMS, allowing organizations to track every action of privileged users on their IT infrastructure.

Request a demo now and discover the benefits of senhasegura for your company.

About Version 2
Version 2 is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Senhasegura
Senhasegura strive to ensure the sovereignty of companies over actions and privileged information. To this end, we work against data theft through traceability of administrator actions on networks, servers, databases and a multitude of devices. In addition, we pursue compliance with auditing requirements and the most demanding standards, including PCI DSS, Sarbanes-Oxley, ISO 27001 and HIPAA.

訊連科技推出全新PowerDVD 22 全球 No.1 影音播放軟體再升級 打造劇院規格影音體驗

【2022年05月13日,台北訊】多媒體創作軟體領導廠商訊連科技(5203.TW)發表全新升級PowerDVD 22多媒體播放軟體。廣受國內外用戶肯定的PowerDVD不僅支援8K、4K HDR、藍光及各種主流格式檔案播放,使用者亦可將收藏的電影、音樂等多媒體內容串流至多台裝置,隨時隨地享受身歷其境的影音體驗。

PowerDVD 22新增播放清單功能並支援客製化設定選項,使用者可依據偏好,調整觀看影片色彩、亮度及音質等選項,打造專屬觀影模式。PowerDVD 22另帶來全新音訊強化技術,慢速播放影片時仍能維持高規格音質、避免失真,呈現更豐富的聲音細節。

為了優化跨裝置收看功能,PowerDVD 22的全新工具讓用戶可以剪輯影音片段,轉換成適合儲存在智慧型手機的檔案格式,如MP4影片檔案及AAC、MP3音訊檔案。亦支援藍光、DVD光碟一鍵轉檔,使用者可於過程中觀看預覽畫面、擷取特定章節,快速將實體光碟備份為數位內容。

隨著觀影習慣改變,YouTube成為現代人收看影片的主要平台之一,PowerDVD 22亦針對此趨勢優化YouTube相關功能。除了TrueTheater® 影音強化技術使YouTube影片更明亮、色彩更鮮明豐富,音訊品質升級外,全新功能更讓使用者可以在PowerDVD 22介面內自由調整影片播放速度,並搜尋、訂閱YouTube頻道,將YouTube觀影體驗提升至全新境界。

「自推出PowerDVD以來,我們持續提供業界最創新的技術,致力為數億用戶創造全方位多媒體播放解決方案。」訊連科技執行長黃肇雄表示:「全新的PowerDVD 22不僅優化使用者介面、強化影音播放品質,更針對時下主流檔案規格及YouTube觀影習慣開發全新功能,讓使用者盡情觀看、輕鬆分享。」

除全新影音技術及YouTube相關優化外,PowerDVD 22亦大幅升級多媒體管理功能,使用者可檢視現正播放、最近播放及最近添加的媒體內容,搭配直覺友善的瀏覽介面,輕鬆打造專屬的多媒體中心。用戶另可使用獨家100 GB 「訊連雲」儲存空間,並將內容清單以連結方式與親朋好友分享同樂。

關於Version 2
Version 2 是亞洲最有活力的IT公司之一,公司發展及代理各種不同的互聯網、資訊科技、多媒體產品,其中包括通訊系統、安全、網絡、多媒體及消費市場產品。透過公司龐大的網絡、銷售點、分銷商及合作夥伴,Version 2 提供廣被市場讚賞的產品及服務。Version 2 的銷售網絡包括中國大陸、香港、澳門、臺灣、新加坡等地區,客戶來自各行各業,包括全球1000大跨國企業、上市公司、公用機構、政府部門、無數成功的中小企及來自亞洲各城市的消費市場客戶。




Click one of our contacts below to chat on WhatsApp