ISO27001 - Information Security
ISO/IEC 27001 Certified ISMS
Our ISO 27001 certification provides strong evidence of our capacity to comply with quality assurance requirements through the following mechanisms inherent in the standard:
- Process-Oriented Approach: ISO 27001 mandates the establishment, implementation, maintenance, and continual improvement of documented processes. This includes critical areas relevant to quality, such as:
  - Secure Software Development Lifecycle (SDLC): Our structured development practices integrate security and quality checks at each stage, from requirements gathering and design through to testing, deployment, and maintenance. Our processes also identify, track, and remediate defects (nonconforming outputs) throughout the SDLC, which include:
    - comprehensive testing (unit, integration, system, security, and user acceptance testing) designed to uncover defects.
    - a formal bug tracking system to record, prioritize, and manage the resolution of all identified issues.
    - root cause analysis for critical defects to prevent recurrence.
    - verification of fixes before deployment to ensure issues are effectively resolved.
  - Monitoring, Measurement, Analysis, and Evaluation: Our SDLC is not static; it is continuously improved through:
    - In-Process Metrics: Tracking metrics such as code quality scans, test coverage, and build success rates during development.
    - Code Reviews & Quality Gates: Implementing peer code reviews and automated quality gates via our Continuous Integration system to ensure adherence to coding standards and identify potential issues early.
    - Post-Deployment Monitoring: Monitoring system performance and user feedback post-release to identify any emergent quality issues or areas for improvement.
  - Incident Management: Structured procedures for managing and resolving incidents ensure that any issues affecting service quality are addressed effectively.
- Risk Management: A core component of ISO 27001 is a comprehensive risk assessment and treatment process. While focused on information security, these risk management principles are also applied to ensure the reliability, availability, and integrity of our Highlighter solution, which are key aspects of service quality.
- Documentation and Record-Keeping: ISO 27001 requires thorough documentation of processes, controls, and records of activities. This ensures consistency and traceability, and supports quality audits and reviews.
- Management Responsibility & Review: The standard mandates clear management responsibility for the ISMS and regular management reviews. These reviews assess the effectiveness of our systems, including aspects directly impacting quality, and drive continual improvement.