Security & Compliance
ISMS and ISO 27001
Pozyx takes a disciplined approach to building and maintaining its ISMS (information security management system): the combination of processes, tools, technologies, people and outside experts used to manage and protect the data and information it holds.
Pozyx is currently working towards ISO/IEC 27001 certification. ISO/IEC 27001 is the internationally recognized, auditable standard that specifies the requirements for an ISMS.
The standard not only helps organizations keep their information assets secure, it also gives their customers assurance that their data is protected and that business continuity has been planned for.
The ISO 27001 framework requires Pozyx to have controls in place across the three pillars of cyber security: people, processes, and technology.
At the heart of an ISO 27001-compliant ISMS are business-driven, effective risk assessments, which allow Pozyx to identify and treat security risks efficiently.
ISO 27001 certification
Pozyx has partnered with Drata and utilizes enterprise-grade best practices to protect its customers’ data. We are currently in the process of pursuing our ISO 27001 Certification.
Our ISMS includes the following elements:
Continuous Security Control Monitoring
Pozyx uses Drata’s automation platform to continuously monitor more than 100 internal security controls across the organization. Automated alerts and evidence collection allow Pozyx to demonstrate its security and compliance posture at any point in the year, while fostering a security-first mindset and a culture of compliance across the organization.
Security is a company-wide endeavor. All employees complete an annual security training program and follow best practices when handling customer data.
Secure Software Development
Pozyx applies a combination of manual and automated security reviews and vulnerability checks throughout the software development lifecycle.
Data is encrypted in transit using TLS and encrypted at rest.
Internal Audit Program
Internal Audits are conducted annually by personnel who are independent and competent, as defined by the ISO standard.
Vulnerability Disclosure Program
If you believe you have discovered a security vulnerability in a Pozyx product or service, please get in touch at email@example.com. Our security team investigates all reported issues promptly.
Risk Management Program
Pozyx conducts a risk assessment annually. The resulting risk treatment plans lay the foundation for overall risk reduction and for continuous improvement of the security program.