Security & Compliance
ISMS and ISO 27001
Pozyx takes a strict approach to building and developing its ISMS (information security management system), which consists of a combination of processes, tools, technologies, people and experts to manage and protect all data and information.
In June 2023, Pozyx obtained the ISO 27001 certificate. ISO 27001 is the only auditable and internationally recognized standard that defines the requirements of an ISMS.
More info in the ISO 27001 certificate press release
This set of standards not only helps organizations keep their information assets secure; it also brings peace of mind to their customers, who know that their data is secured and business continuity will be guaranteed.
The ISO 27001 standard's framework ensures that Pozyx has the tools in place to strengthen the organization across the three pillars of cyber security: people, processes, and technology.
At the heart of an ISO 27001-compliant ISMS are business-driven and effective risk assessments, which will allow Pozyx to identify and treat security threats efficiently.
Rick Graham, CEO at Pozyx, proudly states: "This ISO 27001 certification is a significant milestone for Pozyx and affirms our commitment to protecting our customers' sensitive information. It demonstrates our dedication to implementing the highest standards of information security management and showcases our ability to deliver secure and reliable solutions. The certificate ensures that data security is top of mind in all areas of the organization and information security is ingrained in our corporate culture.
Pozyx is working with the most iconic brands in the world, and our customers entrust us with their data; we will continue to implement best practices to minimize risks and guarantee peace of mind when they work with us."
ISO 27001 certification
To obtain the certification, Pozyx completed a strict auditing protocol and demonstrated its systematic and consistent approach to managing sensitive customer and company information.
By attaining ISO 27001 certification, Pozyx assures its stakeholders that it has undergone a rigorous evaluation process by Brand Compliance, an independent auditor and certification body. This assessment evaluated the effectiveness of the company's information security practices, including risk management, incident response, business continuity, and compliance with legal and regulatory requirements. The certified ISMS includes the Pozyx RTLS development, the on-premise and cloud offerings, as well as the Pozyx support activities.
In short, Pozyx has a world-class information security management system in place.
The Pozyx ISMS includes the following elements:
Continuous Security Control Monitoring
Pozyx continuously monitors 100+ internal security controls across the organization against the highest possible standards. Automated alerts and evidence collection allow Pozyx to confidently prove its security and compliance posture any day of the year, while fostering a security-first mindset and culture of compliance across the organization.
Security is a company-wide endeavor. All employees are trained and complete an annual security training program and employ best practices when handling customer data.
Secure Software Development
Pozyx utilizes a variety of manual and automatic data security and vulnerability checks throughout the software development lifecycle.
Data is encrypted both in transit, using TLS, and at rest.
Internal Audit Program
Internal audits are conducted annually by personnel who are independent and competent, as defined by the ISO standard.
Vulnerability Disclosure Program
If you believe you've discovered issues in Pozyx's security, please get in touch at firstname.lastname@example.org. Our security team promptly investigates all reported issues.
Risk Management Program
Pozyx conducts a risk assessment annually, which results in risk treatment plans that lay the foundation for overall risk reduction and continuous improvement of the security program.