ISO 27001
Workplace.io is working toward security program maturity aligned with ISO/IEC 27001. We are not currently ISO 27001 certified. This page describes our approach and roadmap for an information security management system (ISMS).
Last updated: December 16, 2025
Status
We are building an ISMS-aligned security program and documenting controls consistent with enterprise expectations. We do not claim ISO/IEC 27001 certification at this time. If we pursue certification, the scope and certification timeline will be communicated through this Trust Center.
What “ISO 27001” means
ISO/IEC 27001 is a standard for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS). Certification is performed by an accredited certification body and applies to a defined scope.
ISMS approach
Our approach focuses on building repeatable processes for risk management, policy governance, operational security, and continuous improvement. We prioritize the controls most relevant to Workplace.io, including secure integration handling, access control, monitoring, and incident response.
  • Risk management: identify risks, implement mitigating controls, and review changes over time.
  • Policies and procedures: documented security policies and operational procedures.
  • Operational controls: access control, encryption, logging/monitoring, and change management.
  • Continuous improvement: review incidents and findings to strengthen controls.
Control areas most relevant to Workplace.io
While ISO/IEC 27001 includes a broad set of control domains, we focus first on the areas most commonly reviewed by enterprise customers and most relevant to our service architecture.
Access control
Workspace membership and roles restrict administrative functions and sensitive actions.
Cryptography
TLS for data in transit and encryption at rest for stored data; message content is short-lived by design.
Operations security
Operational monitoring and security-relevant logging support reliability and investigation.
Supplier relationships
Vendor inventory and subprocessor documentation support supplier risk management.
Secure development
Secure SDLC practices reduce the likelihood of introducing vulnerabilities.
Incident management
Incident response procedures support triage, containment, remediation, and customer communication.
Roadmap
Our roadmap focuses on strengthening documentation, operational evidence, and repeatable processes that align with an ISMS. Where formal certification is required by a customer, we can provide Trust Center documentation and due diligence support in the interim.
  • Policy set: maintain and periodically review security policies and procedures.
  • Evidence readiness: operational logs and records to support customer and auditor review.
  • Vendor management: subprocessor documentation and supplier risk practices.
  • Testing and improvement: remediation tracking and continuous improvement practices.
No overstatement
We will only claim ISO/IEC 27001 certification after an accredited certification body issues a certificate for a defined scope.
Customer due diligence support
We support customer security reviews and can provide additional materials during procurement, including CAIQ-aligned responses, architecture summaries, and subprocessor documentation.