OneSignal Achieves ISO 27001 and ISO 27701 Certifications, Building on SOC 2 Type 2 Compliance

We are thrilled to announce that OneSignal has successfully obtained both ISO 27001 and ISO 27701 certifications, marking a significant milestone in our ongoing commitment to information security and privacy protection. These new certifications build upon our existing SOC 2 Type 2 compliance, further strengthening our comprehensive security framework.

Understanding ISO 27001 and ISO 27701

ISO 27001 is the international standard for information security management. It specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system. This certification confirms that OneSignal has implemented a robust framework to protect sensitive information from unauthorized access, data breaches, and other security threats.

ISO 27701 extends ISO 27001 to include privacy information management. It provides a framework for managing privacy controls to reduce the risk to privacy rights. This certification demonstrates OneSignal's dedication to protecting personal data and to compliance with privacy regulations such as GDPR.

What this means for our customers

These internationally recognized certifications validate that OneSignal has implemented comprehensive security and privacy controls that meet global standards. For our customers, this means:

  • Enhanced Trust: Your data is protected by security practices that have been rigorously audited by independent third-party experts
  • Global Compliance Support: Our certifications help support your compliance requirements across different jurisdictions
  • Systematic Risk Management: We employ a structured approach to identifying and mitigating potential security and privacy risks
  • Continuous Improvement: Our Information Security Management System (ISMS) and Privacy Information Management System (PIMS) are designed for ongoing enhancement

Our security journey

OneSignal's commitment to security isn't new. Having previously achieved SOC 2 Type 2 compliance—which verifies our long-term adherence to strict information security policies, procedures, and practices—we've now expanded our security certifications portfolio with these ISO standards.

Achieving these certifications represents months of dedicated effort across our entire organization. Our teams have worked tirelessly to ensure our security and privacy controls not only meet but exceed international standards. This process involved:

  • Comprehensive risk assessments
  • Development and implementation of detailed security policies and procedures
  • Regular internal audits
  • Employee security awareness training
  • Third-party penetration testing
  • Rigorous documentation of controls

Why we pursued these certifications

In today's digital landscape, security and privacy are not optional—they're essential. As the leading customer engagement messaging platform serving over a million developers and marketing professionals worldwide, we recognize our responsibility to protect the data entrusted to us.

By obtaining these certifications, we're not just meeting industry standards; we're demonstrating our commitment to security and privacy as core values of our organization.

Looking forward

While these certifications represent a significant achievement, our work doesn't stop here. Security and privacy are ongoing commitments that require constant vigilance and improvement. We will continue to improve our security measures and invest in building features that strengthen the security and privacy of our customers.

What customers need to know

No action is required from our customers to benefit from these enhanced security measures. However, if you have specific security or compliance questions, our team is ready to assist you.

For more information about our security practices or to request our certifications, please contact us at support@onesignal.com.