From 5efd459672884111c08e9858208ce4e19aae6d3b Mon Sep 17 00:00:00 2001
From: melindafekete
Date: Fri, 13 Dec 2024 09:35:46 +0100
Subject: [PATCH] Add iso to nav, tweak descriptions, add links

---
 .../using-unleash/compliance/iso27001.mdx | 20 +++++++++----------
 website/sidebars.ts | 5 +++++
 2 files changed, 15 insertions(+), 10 deletions(-)

diff --git a/website/docs/using-unleash/compliance/iso27001.mdx b/website/docs/using-unleash/compliance/iso27001.mdx
index 94a00f48cd72..c57824662188 100644
--- a/website/docs/using-unleash/compliance/iso27001.mdx
+++ b/website/docs/using-unleash/compliance/iso27001.mdx
@@ -7,7 +7,7 @@ description: 'ISO 27001-compliant feature flags at scale with Unleash.'
 ## Overview
-To get ISO 27001 certified and maintain your compliance, you must ensure that any system you integrate with, including feature flagging solutions, is also ISO 27001 certified. Using a homegrown or third-party feature flagging system without ISO 27001 compliance can compromise your certification and introduce unnecessary risks.
+To achieve and maintain ISO 27001 certification, you must ensure that any system you integrate with, including feature flagging solutions, is also ISO 27001 certified. Using a non-compliant homegrown or third-party feature flagging system can compromise your certification and introduce unnecessary risks.
 This guide provides an overview of how [Unleash Enterprise](https://www.getunleash.io/pricing) features align with ISO 27001 controls, helping your organization meet its compliance requirements.
@@ -16,19 +16,19 @@ This guide provides an overview of how [Unleash Enterprise](https://www.getunlea
 | ISO27001 Control | Control Description | Unleash Feature |
 |--------------------------------------------|---------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------|
-| 5.2 Information security roles and responsibilities | Information security roles and responsibilities should be defined and allocated according to the organization's needs. | Unleash provides granular [role-based access control](/reference/rbac) (RBAC) and approval workflows for state changes. |
-| 5.7 Threat intelligence | Information relating to information security threats should be collected and analyzed to produce threat intelligence. | When using the hosted version of Unleash, your feature flagging solution is continuously scanned and protected by Amazon Inspector and AWS GuardDuty solutions that identify security threats and alert Unleash personnel of any risk. |
+| 5.2 Information security roles and responsibilities | Information security roles and responsibilities should be defined and allocated according to the organization's needs. | Unleash provides granular [role-based access control](/reference/rbac) (RBAC) and [approval workflows](/reference/change-requests) for state changes. |
+| 5.7 Threat intelligence | Information relating to information security threats should be collected and analyzed to produce threat intelligence. | When using the hosted version of Unleash, your instance is continuously scanned and protected by [Amazon Inspector](https://aws.amazon.com/inspector/) and [Amazon GuardDuty](https://aws.amazon.com/guardduty/) to identify security threats and alert Unleash of any risk. 
|
 | 5.15 Access control | Rules to control physical and logical access to information and other associated assets should be established and implemented based on business and information security requirements. | In addition to RBAC, Unleash supports [single sign-on](/reference/sso) (SSO) authentication and [SCIM integration](/reference/scim) for user account provisioning. |
 | 5.16 Identity management | The full life cycle of identities should be managed. | Unleash supports SSO and SCIM integration for automatic user account provisioning. |
 | 5.18 Access rights | Access rights to information and other associated assets should be provisioned, reviewed, modified, and removed in accordance with the organization's topic-specific policy and rules for access control. | Unleash supports SSO and SCIM integration for automatic user account provisioning. |
-| 5.33 Protection of records | Records should be protected from loss, destruction, falsification, unauthorized access, and unauthorized release. | When using the hosted version of Unleash, your data records are protected with a resilient architecture leveraging AWS data redundancy and backup services. This benefit is described in our annual SOC2 report available for customers in the Trust Center. |
-| 5.35 Independent review of information security | The organization's approach to managing information security and its implementation including people, processes, and technologies should be reviewed independently at planned intervals, or when significant changes occur. | In addition to SOC2 reports, Unleash provides annual penetration test results available to customers in the Trust Center. Both of these certifications are performed by external auditors. |
-| 5.37 Documented operating procedures | Operating procedures for information processing facilities should be documented and made available to personnel who need them. | Under the SOC2 umbrella, Unleash implements 14 internal policies for secure information processing. 
|
+| 5.33 Protection of records | Records should be protected from loss, destruction, falsification, unauthorized access, and unauthorized release. | When using the hosted version of Unleash, your data records are protected with a resilient architecture leveraging AWS data redundancy and backup services. This is described in our annual SOC2 report available in the Trust Center. |
+| 5.35 Independent review of information security | The organization's approach to managing information security and its implementation including people, processes, and technologies should be reviewed independently at planned intervals, or when significant changes occur. | Unleash provides annual penetration test results and a SOC 2 report, both conducted by external auditors. |
+| 5.37 Documented operating procedures | Operating procedures for information processing facilities should be documented and made available to personnel who need them. | Unleash follows 14 internal policies to ensure secure information processing as part of its SOC2 compliance. |
 | 8.2 Privileged access rights | The allocation and use of privileged access rights should be restricted and managed. | Unleash provides RBAC, granular permission administration, custom root roles, as well as approval workflows for state changes. |
-| 8.3 Information access restriction | Access to information and other associated assets should be restricted in accordance with the established topic-specific policy on access control. | Unleash provides RBAC, granular permission administration, custom root roles, as well as approval workflows for state changes. |
+| 8.3 Information access restriction | Access to information and other associated assets should be restricted in accordance with the established topic-specific policy on access control. | Unleash provides RBAC, granular permission administration, [custom root roles](/reference/rbac#custom-root-roles), as well as [approval workflows](/reference/change-requests) for state changes. 
|
 | 8.5 Secure authentication | Secure authentication technologies and procedures should be implemented based on information access restrictions and the topic-specific policy on access control. | In addition to RBAC, Unleash supports SSO authentication setup and SCIM integration. |
-| 8.6 Capacity management | The use of resources should be monitored and adjusted in line with current and expected capacity requirements. | Unleash provides both traffic monitoring and configuration statistics, in order for the system administrators to monitor and adjust the use of resources. |
+| 8.6 Capacity management | The use of resources should be monitored and adjusted in line with current and expected capacity requirements. | Unleash provides both traffic monitoring and configuration statistics to help system administrators monitor and adjust resource usage. |
 | 8.13 Information backup | Backup copies of information, software, and systems should be maintained and regularly tested in accordance with the agreed topic-specific policy on backup. | In the hosted version of Unleash, periodic backups are automated. When self-hosting Unleash, the product provides an API to export its configuration, facilitating the backup automation. |
-| 8.14 Redundancy of information processing facilities | Information processing facilities should be implemented with redundancy sufficient to meet availability requirements. | The hosted version of Unleash, is a highly available platform with load balancing, and redundancy across multiple AWS availability zones. |
-| 8.15 Logging | Logs that record activities, exceptions, faults, and other relevant events should be produced, stored, protected, and analyzed. | Unleash provides complete event logs and access logs for all API and UI interactions. |
+| 8.14 Redundancy of information processing facilities | Information processing facilities should be implemented with redundancy sufficient to meet availability requirements. 
| The hosted version of Unleash is a highly available platform with load balancing, and redundancy across multiple AWS availability zones. |
+| 8.15 Logging | Logs that record activities, exceptions, faults, and other relevant events should be produced, stored, protected, and analyzed. | Unleash provides complete [event logs](/reference/events#event-log) and [access logs](/reference/login-history) for all API and UI interactions. |
 | 8.16 Monitoring activities | Networks, systems, and applications should be monitored for anomalous behavior, and appropriate actions taken to evaluate potential information security incidents. | The hosted version of Unleash provides network and application monitoring, intrusion detection, and diverse utilization alerts supported by an SRE team and a structured incident handling process. |
diff --git a/website/sidebars.ts b/website/sidebars.ts
index b9b2c9d4cff3..b8eb46385e71 100644
--- a/website/sidebars.ts
+++ b/website/sidebars.ts
@@ -631,6 +631,11 @@ const sidebars: SidebarsConfig = {
 label: 'SOC2 Type II',
 id: 'using-unleash/compliance/soc2',
 },
+ {
+ type: 'doc',
+ label: 'ISO27001',
+ id: 'using-unleash/compliance/iso27001',
+ },
 ],
 },
 {
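Review bot: The new sidebar entry's `label: 'ISO27001',` spells the standard without the space that the linked page itself uses ("ISO 27001" in its description and body text, visible in the first hunk), so the navigation and the page will show two different spellings of the same name; `label: 'ISO 27001',` would match the page. The sibling entry `'SOC2 Type II'` is written in the same compressed form, so if that is the site's deliberate convention for compliance labels this can be disregarded, though the page's own text would then be the odd one out. The enclosing `sidebars` object starts well before the hunk, so I cannot see whether other labels follow one style or the other.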