Security and Privacy Protections in Software: Why Gather Voices Implements ISO 27001 and GDPR Protections

Michael Hoffman
Co-founder & CEO, Gather Voices

When it comes to software, security and privacy are non-negotiable. 

As businesses and individuals increasingly rely on software to store and transmit sensitive information, it's crucial that the software we use is secure and respects our privacy. In today's digital age, the consequences of using insecure or non-private software can be severe - from financial losses and legal liabilities to damage to a company's reputation and trust with its customers, members, donors and partners.

That's why at Gather Voices, we take our obligation to protect the security and privacy of our clients seriously. We understand that the software we provide plays a vital role in our clients' operations and we are committed to ensuring that it meets the highest standards for security and privacy. To that end, we have emphasized the importance of frameworks like ISO 27001 and GDPR in our development and operations.

ISO 27001 and GDPR

ISO 27001 is an internationally recognized standard for information security management. It outlines a set of best practices for protecting information assets and ensures that a company has a systematic and ongoing approach to managing its security. Adhering to ISO 27001 not only helps protect our customers' information, but it also demonstrates our commitment to transparency and good governance. While this framework is hard to implement, and rarely implemented in smaller companies, we have prioritized this to make sure our security posture is good from day 1. 

GDPR, or the General Data Protection Regulation, is a set of regulations that apply to companies that handle the personal data of European Union (EU) citizens. It aims to give EU citizens more control over their personal data and how it is used, while also establishing high standards for data protection and security. As a company that operates globally, we recognize the importance of GDPR and have made sure that our practices meet these standards. We also believe that GDPR is a good framework for all our clients, regardless of where they operate, to make sure we are taking information privacy seriously.

At Gather Voices, we are committed to ensuring that our software is secure and respects the privacy of our customers. Through our commitment to frameworks like ISO 27001 and GDPR, we strive to provide the highest level of protection for our customers' information.

Why are security and privacy important in software?

When it comes to software, security and privacy are more important than ever. Insecure or non-private software can expose businesses and individuals to a wide range of risks and vulnerabilities. These risks can have serious consequences, including financial losses, legal liabilities, and damage to a company's reputation and trust with its customers. 

One major risk of using insecure software is the possibility of data breaches. If a software system is not properly secured, it may be vulnerable to hackers who can access and steal sensitive information, such as customer data, financial records, and proprietary business information. Data breaches can result in significant financial losses as well as damage to a company's reputation, as customers may lose trust in the company's ability to protect their information.

Imagine waking up one day to messages that your member data or customer data was compromised. What a nightmare!

In addition to data breaches, insecure software can also expose businesses and individuals to the risk of viruses and malware. These malicious software programs can corrupt or destroy data, disrupt operations, and even allow hackers to gain control of a system.

Privacy is also an important consideration when it comes to software. If a software system does not respect the privacy of its users, it may collect and use personal information in ways that are inappropriate or unauthorized. This can lead to legal liabilities, as well as damage to an organization’s reputation and trust with its members and customers.

The risks associated with insecure or non-private software underscore the importance of choosing software that is secure and respects privacy. By investing in secure and private software, businesses and individuals can protect themselves from these risks and ensure that their information is protected.

As an example of the consequences of inadequate security and privacy protections, consider the case of Marriott International. In 2018, the company announced that the reservation system for its Starwood Hotels brand had been hacked, exposing the personal information of up to 300 million guests. 

This personal information included credit card information, and even passport numbers! The data breach, which had been ongoing for four years, resulted in significant financial losses for the company and damage to its reputation. It also led to legal consequences, as the company was fined $124 million by the UK's data protection regulator for failing to adequately protect the personal data of its customers.

While you may not have credit card or passport data, this example nevertheless illustrates the importance of prioritizing security and privacy in software choices. By taking the necessary precautions to protect their information, businesses and individuals can avoid the costly and damaging consequences of insecure or non-private software.

What is ISO 27001?

ISO 27001 is an international standard for information security management that was first published in 2005 by the International Organization for Standardization (ISO). It is based on the best practices outlined in a previous standard called the Code of Practice for Information Security Management (BS 7799).

The ISO 27001 standard was created in response to the growing importance of information security management in the digital age. As businesses and organizations became more reliant on technology to store and transmit sensitive information, it became clear that there was a need for a set of best practices to help ensure the security of this information. The ISO 27001 standard was developed to fill this need and provide a framework for protecting information assets.

Since its publication in 2005, the ISO 27001 standard has become widely recognized and adopted by businesses and organizations around the world. It is regularly updated to reflect the latest best practices and emerging threats in the field of information security management.

By adhering to the ISO 27001 standard, companies demonstrate their commitment to transparency and good governance, as well as their dedication to protecting the information of their customers and stakeholders.

The ISO 27001 standard covers a wide range of information security management practices, including risk assessment and management, access control, network security, and incident management. It also requires companies to have a documented information security management system (ISMS) in place, outlining their policies and procedures for ensuring the security of their information assets.

There are many benefits to adhering to the ISO 27001 standard. For one, it helps to protect against data breaches and other information security risks by establishing a systematic and ongoing approach to managing security. It also helps to demonstrate to customers, stakeholders, and regulators that a company is serious about protecting the information it handles. In addition, adhering to ISO 27001 can help to improve a company's efficiency and effectiveness, as it encourages the use of best practices and continuous improvement.

At Gather Voices, we are committed to ISO 27001 compliance. We understand the importance of protecting the information of our customers and have implemented a documented ISMS based on the ISO 27001 standard. Our commitment to this standard has been recognized through our successful annual audits.

We believe that our adherence to ISO 27001 sets us apart in the software industry and demonstrates our dedication to the security and privacy of our customers. By choosing Gather Voices, our customers can have confidence that their information is being handled in a secure and responsible manner.

What is GDPR?

GDPR, or the General Data Protection Regulation, is a set of regulations that apply to companies that handle the personal data of European Union (EU) citizens. It aims to give EU citizens more control over their personal data and how it is used, while also establishing high standards for data protection and security.

The GDPR covers a wide range of personal data, including information such as names, addresses, and contact information, as well as sensitive personal data such as health and financial information. It also applies to companies that process this data, regardless of where they are located. This means that even American companies that do business in the EU must comply with GDPR if they handle the personal data of EU citizens.

There are many benefits to adhering to GDPR. For one, it helps to protect the personal data of EU citizens and gives them more control over how their information is used. It also helps to ensure that companies handle personal data in a responsible and transparent manner. In addition, GDPR can help to improve the trust of customers and stakeholders in a company's handling of personal data.

At Gather Voices, we are committed to GDPR compliance. We understand the importance of protecting the personal data of our customers and have implemented policies and procedures to ensure that we meet the requirements of GDPR.

Even for American organizations that are not directly covered by GDPR, adhering to these regulations can be beneficial. GDPR sets a high bar for data protection and privacy, and complying with these standards can help organizations establish a strong privacy posture regardless of where they are doing business. In addition, as more and more companies operate globally, it is becoming increasingly important for organizations to have a consistent approach to data protection and privacy. By adhering to GDPR, American companies can ensure that they are well-positioned to do business in the EU and other regions that have similar data protection requirements.

Conclusion

Security and privacy are essential considerations when it comes to software, especially now. As businesses and individuals increasingly rely on software to store and transmit sensitive information, it's crucial that the software we use is secure and respects user privacy. The risks associated with insecure or non-private software, such as data breaches, viruses and malware, and violations of privacy, highlight the importance of choosing software that is secure and respects privacy.

At Gather Voices, we take our obligation to protect the security and privacy of our customers seriously. We understand that the software we provide plays a vital role in our customers' operations and we are committed to ensuring that it meets the highest standards for security and privacy. To that end, we have emphasized the importance of frameworks like ISO 27001 and GDPR in our development and operations. Our commitment to these standards has been recognized through our successful annual audits of ISO 27001 and demonstrates our dedication to protecting the information of our customers.

Michael Hoffman is the co-founder and CEO of Gather Voices, a technology company that automates the creation, management and publishing of video content. He is also the founder of See3 Communications, a digital marketing agency in Chicago and founder of the DoGooder Video Awards which honors the best social cause video on YouTube each year. Hoffman teaches marketing at the University of Chicago and is an internationally sought-after speaker and trainer who is a trusted advisor to business leaders on engagement strategy.
