MicroMass Achieves ISO 27001 Certification

December 3, 2019

MicroMass Communications, Inc. takes threats to the availability, integrity, and confidentiality of our clients’ information seriously. As such, MicroMass is an ISO/IEC 27001:2013 certified provider whose Information Security Management System (ISMS) has received third-party accreditation from the International Standards Organization.

This level of certification assures our employees and clients that their data and privacy are in great hands,” said Paul Boehling, Director, Information Technology at MicroMass. “The healthcare industry is dedicated to keeping information secure. And we are leading the charge.”

What does this mean for MicroMass?
It means that our information security policies, procedures, and standards have been reviewed by an accredited certifying agent and deemed to be exceptional. This certification was based on 114 controls and MicroMass implemented all of them. The controls included:

  • Policies, standards, and procedures
  • Risk management
  • Change management
  • Security controls
  • Disaster recovery

MicroMass will move forward with tightly controlled security processes, alignment with industry standards, established security policies, procedures, and standards. “This was a company wide endeavor,” commented Kai Taylor, Cybersecurity Specialist II at MicroMass. “It represented a cultural shift for the entire organization to ensure that our information security practices are certified at the highest level. Achieving this tremendous certification sets us apart from other healthcare agencies.”

“There is no excuse for not doing absolutely everything we can to ensure the security of our data whether it belongs to a website visitor, a client, or our own employees,” said Phil Stein, Chief Executive Officer at MicroMass. “Security and protection are always our ultimate goal. We do what we say and prove it.”


Certification Process
To demonstrate the Company’s dedication to information security, MicroMass implemented an information security management system (ISMS) to conform to the requirements of ISO/IEC 27001-2013 (ISO 27001). ISO 27001 was developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) to standardize the process for establishing, implementing, operating, monitoring, reviewing, maintaining an ISMS. A-LIGN Compliance and Security Inc. (A-LIGN) was engaged by MicroMass to perform the initial certification audit to validate conformity and certify the Company’s ISMS against the ISO 27001 standard.

Audit Conclusion
A-LIGN considered the audit evidence with respect to the certification requirements, the scope of certification, and changes to the Company and the ISMS to reach its decision. A-LIGN concludes that the ISMS met the requirements of the audit criteria established, and therefore, recommends certification as of the date of this report.

For more information about the MicroMass commitment to data security and privacy, visit our security and privacy page.