Aumni Announces ISO/IEC 27001 International Data Security Certification to Expand Offerings in Private Equity Markets Worldwide

Nov 16


Nicole Davis

Security is at the heart of what we do at Aumni, which is why we continually seek new ways to strengthen our programs and integrate security measures throughout our processes. Having put our security protocols and programs to the test, we are delighted to announce that we have received our latest accreditation: the ISO/IEC 27001 certification.

ISO/IEC 27001 is the international standard for information security with requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS). ISO 27001’s rigorous standards address staffing, processes, and technology best practices that make information assets more secure. To be certified, a business must:

  • Methodically review the organization's information security risks, including threats, vulnerabilities, and potential impacts
  • Design and implement a coherent and comprehensive suite of information security controls and other forms of risk mitigation to confront risks
  • Retain a universal management process to ensure that the information security controls meet the organization's information security needs

Aumni meets or exceeds these internationally recognized standards. Receiving this certification attests to Aumni’s robust infrastructure, systems, tools, and processes that keep the data entrusted to us and the systems supporting our services confidential and highly available. 

The ISO 27001 certification comes on the heels of our SOC 2 Type II certification, which originated in the United States from the AICPA (American Institute of Certified Public Accountants). While SOC 2 is well known within the U.S., it's not an internationally accepted security standard, so having both certifications builds further trust in our security program. Now, our clients within the U.S. that participate in international investments and our clients in international locations all benefit from knowing their data is secure.

Aumni’s Senior GRC Analyst, Craig Estep, said the following about our latest security program achievement: “Meeting such rigorous security standards is not commonplace for young companies like ours. Our security efforts to date point to our integrity and the importance of making security measures part of our process from the beginning instead of trying to retrofit secure solutions down the road as we grow. We had to meet 114 requirements for ISO 27001, and that is no small feat. We are thrilled to show our customers how we apply our ingenuity to our core business and keep their data secure.”

Our Commitment to Risk Mitigation   

This achievement marks an ongoing journey to protect the confidentiality, availability, and integrity of Aumni systems and data. Our sophisticated, certified security program reduces risk from threats and vulnerabilities through the implementation of policies such as: 

  • Product security initiatives 
  • Policy governance 
  • Security training
  • Change Management, including SDLC methodology
  • Data protection
  • Vulnerability Management
  • Asset Management
  • Incident Response
  • Business Continuity & Disaster Recovery
  • Logging and Monitoring
  • Vendor Security Management
  • Access Control

We remain committed to data confidentiality and customer trust. Our policy requires independent third-party auditors to attest annually to whether we follow the security best practices enshrined in the SOC 2 Type II and ISO 27001:2013 frameworks. We won’t stop there; we will continue developing security measures above and beyond compliance requirements.

To learn more about our security framework and download our Security Whitepaper, please visit our Trust page: