Miro.com is an online collaborative whiteboard like no other. It’s rich in features that help teams work together, has a large catalog of templates to help you get started and integrates with your existing tools including Google, Microsoft, Atlassaian and Slack.
Despite still being a relatively early stage startup, the company has grown exponentially with hubs in the Netherlands, United States and United Kingdom; and the head count continues to grow.
The platform also has over 20 million users across the world, so security is critically important to the team.
With all that in mind, the International Standard for Information Security, ISO 27001 made perfect sense, and Miro’s Trust & Reputation team reached out to Assent for support.
Defining the Scope
We took some time to understand the scope of the project, while also keeping an eye to future growth.
Things were changing fast as the company grew, so it was agreed that the information security management system needed to be scalable.
As a global company, the team was already engaged with compliance requirements such as SOC II and had many robust technical controls in place.
ISO 27001 Gap Analysis
An initial ISO 27001 Gap Analysis exercise was conducted remotely with Assent’s consultants meeting Miro colleagues from each location and business area.
The resulting report was adopted by the Trust and Reputation team, and used to structure the implementation project and certification timeline.
Remedial Actions
Assent provided additional guidance and support during the implementation phase of the project, holding regular meetings with the team.
ISO 27001 Internal Audits
With the information security management system established, Assent conducted a full and thorough internal audit programme to test the effectiveness of the system through objective evidence and process observation.
The report and analysis of findings were used by the Miro team to drive continual improvement and gain confidence ahead of the certification audits.
ISO 27001 Certification Success
After a thorough audit by a team of people from a UKAS Accredited Certification Body, Miro were recommended for ISO 27001 Certification.
Assent observed many of the audit sessions to support the team and note potential improvements for the future.
