In our constant endeavor to improve Couchbase’s security posture, we are thrilled to announce that Couchbase has successfully achieved ISO 27001, ISO 27017, and ISO 27018 certifications – globally recognized standards for information security management systems (ISMS). This achievement underscores our commitment to protecting Couchbase’s and our customers’ valuable information assets while upholding the highest standards of data security.
Understanding ISO Certifications
The ISO standards are developed by the International Organization for Standardization, an independent, nongovernmental organization that specifies the requirements for establishing, implementing, maintaining, and continually improving an ISMS. The standards provide a framework for managing information security risks and ensuring the confidentiality, integrity, and availability of information.
- ISO 27001:2022 – Provides a broad framework for managing information security across the organization. It helps organizations establish, implement, and maintain an ISMS.
- ISO 27017:2015 – Provides a code of practice that gives guidance on cloud security. It’s a supplement to ISO 27001 and ISO 27002.
- ISO 27018:2019 – Focuses on protecting personal data in the cloud. It complements GDPR, CCPA, and other data privacy regulations.
Our Compliance Journey
We have come a long way since we embarked on our compliance journey four years ago with the SOC 2 audit for Couchbase Capella™. Security is woven into the very DNA of everything we do at Couchbase. All departments, with guidance from the InfoSec team, collaborate relentlessly to build, scale, maintain, and enhance a comprehensive information security program. Capella has successfully gone through multiple audits including SOC 2 Type II, HIPAA, PCI DSS, and CSA STAR. With the ISO certifications, we are able to formally bring Couchbase Server into our audit and compliance program.
The ISO 27001 certification was conducted by leading compliance assessor A-LIGN, a technology-enabled security and compliance partner trusted by more than 4,000 global organizations to help mitigate cybersecurity risks. A-LIGN is an ISO/IEC 27001 certification body accredited by the ANSI National Accreditation Board (ANAB) to perform ISMS 27001 certifications.
Our Commitment to Continuous Improvement
Achieving these compliance milestones is not the final destination, but an ongoing journey to strengthen information security at every level of Couchbase. The Board of Directors and management at Couchbase are committed to supporting and continually improving our ISMS and maintaining the highest standards of information security. We will continue to:
- Monitor and review our ISMS: We will regularly monitor and review our ISMS to ensure its ongoing effectiveness.
- Conduct internal audits: We will continue to conduct internal audits to identify areas for improvement.
- Stay up to date with best practices: We will stay informed about the latest security threats and best practices to ensure our ISMS remains robust.
We are proud of this accomplishment and believe it demonstrates our unwavering commitment to protecting our information assets and maintaining the trust of our customers, partners, and stakeholders.
Learn more about our commitment to security at our Trust Center.