Kandji Earns ISO 27001 Certification

To earn the internationally recognized ISO 27001 certification, a company must demonstrate a commitment to implementing an information security management system (ISMS) followed by a rigorous two-stage audit. That’s why we’re so proud to announce that Kandji has just received its own ISO 27001:2022 certification 

That certification—as well as our recent recertification in SOC 2—was achieved in part because we leverage Kandji ourselves. 

To earn ISO 27001, a company must first implement an ISMS. Such systems encompass all the policies and procedures put in place to protect the security, availability, and confidentiality of an organization’s information assets. That system must first pass an internal audit, followed by that two-stage certification audit. The auditor then issues a certificate and registers the ISMS. Kandji’s ISO certification can be verified by going to A-Lign and searching for certificate ISMS-KA-121123. 

The standard requires companies to demonstrate general capabilities, not to adopt specific tactics. 

So, for example, Annex 5.9 of the ISO spec requires you to demonstrate to the lead ISO auditor that you have some way of maintaining an inventory of information (and associated assets). Kandji can help with that for Apple endpoints. Annex 7.14 requires organizations to have a system for securely disposing of old assets. Kandji can safely erase Apple endpoints before they’re dispatched. Annex 8.7 of the ISO 27001 spec requires you to have some protection against malware. Kandji’s own EDR product can do it, or you can use Kandji to deploy and manage another solution. 

Kandji can help you meet these and many other ISO 27001 requirements for Apple endpoints. Our  ISO 27001 certification can help provide reasonable assurance to Kandji customers that Kandji leverages a risk-based approach toward meeting its contractual commitments to protect customer data. This includes implementing policies and processes that are aligned with industry-accepted best practices.  

Our SOC2 recertification also underscores our commitment to the principles of security. It’s particularly significant because it represents our dedication to maintaining rigorous controls over a period of time rather than just at a single point.

The days when SaaS-based companies were eyed suspiciously by enterprise buyers because they didn’t conform to standards are long gone. Kandji sailed through both of these compliance evaluations and did so using itself as an MDM. 

Our ISO 27001 certification and updated SOC2 report are available to current and prospective enterprise customers upon request through our trust portal, subject to the appropriate non-disclosure agreements. For more information about our security practices or these certifications, please visit that trust portal or email grc@kandji.io.

About Kandji

Kandji is the Apple device management and security platform that empowers secure and productive global work. With Kandji, Apple devices transform themselves into enterprise-ready endpoints, with all the right apps, settings, and security systems in place. Through advanced automation and thoughtful experiences, we’re bringing much-needed harmony to the way IT, InfoSec, and Apple device users work today and tomorrow.