KKCompany, a leading technology group in Asia, today announces the successful acquisition of ISO/IEC 27001 ISMS (Information Security Management System), after receiving the first OpenChain ISO/IEC 5230 international third-party certification in Taiwan in August 2022, with an audit scope focusing on information security management of KKStream video streaming platform. Through the collaboration with Deloitte Consulting and third-party certification of SGS, KKCompany ensures a stable operation of products and services and will continuously provide trustworthy media technology services.
KKCompany COO Steve Wang mentioned, “KKStream provides B2B video streaming technology to create a streaming platform for companies or hosting large online events. Serving more than 10 million users, information security and privacy protection are crucial for us when teaming with partners or addressing end consumer needs. ISO 27001 certification not only proves the successful implementation of information security standards, but also manifests our commitment to customer data protection.” Besides ISO 5230 and ISO 27001 certifications, KKCompany is also preparing to obtain other international certifications related to privacy/personal information protection and business continuity management to further enhance the security of all services, substantially reinforcing information security and protection and continuously improving business operating performance.
ISO/IEC 27001, published by ISO and IEC, is an internationally recognized standard of information security management system, with the purpose of verifying the integrity of ISMS risk evaluation and management plans of information security to further enhance the capability of information security control.
ISO 27001 covers 114 controls in 14 domains and 35 objectives. Besides the development and operations teams of KKStream streaming platform projects, KKCompany back office including information security, human resource, administration, and legal affairs, also contributed to the audit. The process of the ISO 27001 certification audit was similar to an information security health check; during the audit, all fields in the information security management system, from the security system of the development process and daily routines, are required to meet the standards and this allowed employees to examine if any potential risk is involved in their daily work. During the management system review, the awareness of information security was enhanced through the discussion, identification, and adherence to ISO standards.
Leveraging this audit, KKCompany refined the existing risk management system to implement preventive measures through risk recognition. For incident monitoring and emergency management, we created referable SOPs and integrated key security protective measures, including penetration tests, red team assessment, source code analysis service, and vulnerability scanning to address the ever-changing incidents as well as increase employee security awareness. After receiving ISO 27001 certification, KKCompany will regularly conduct related management according to standards and continuously elevate security controls through external audits (annual surveillances and a recertification audit every 3 years).