Polygon Labs is proud to announce it has been awarded the ISO/IEC 27001:2022 (ISO 27001) certification, a milestone that underscores our dedication to the highest level of information security standards as a company. The external audit to determine compliance was conducted by Schellman Compliance, LLC, an industry leader trusted by many of the world’s leading companies.

The Polygon Labs’ information security management system (ISMS), and our associated audit and certification, targets our core function as an operational business enterprise and developer of open source software solutions. The specific scope as defined on our certification is: 

The scope of the ISO/IEC 27001:2022 certification is limited to the information security management system (ISMS) supporting the Polygon Labs' business of developing blockchain scaling solutions, which includes personnel, policies, procedures, standards, systems, endpoint devices, applications, data, and controls, and in accordance with the statement of applicability, version 1.2, dated October 11, 2023.

Robust security processes and continuous improvement have always been integral to Polygon Labs. ISO 27001 compliance reflects this commitment to security best practices, and positions Polygon Labs as a trusted leader for the blockchain industry. 

This post dives into what this certification means and how it was achieved. 

What is ISO/IEC 27001:2022?

ISO 27001 is a globally recognized international standard for information security management. It defines requirements for establishing, implementing, maintaining, and continually improving an ISMS. 

An ISMS framework is important for contemporary organizations to meet the challenges of an increasingly global, online economy. Organizations leverage an ISMS to systematically manage information security risk for asset confidentiality, integrity, and availability. 

The ISO 27001 standard contains a set of controls around security best practices that organizations can implement as part of an ISMS. These standards address a broad range of security considerations, covering best practices around four security domains, seen below, with 93 controls addressed in these areas, of which you can find some examples nested beneath the security domain. 

Organizational controls

• Policies and procedures
• Role and responsibilities
• Risk management
• Access control
• Business continuity
• Incident response
• Privacy and compliance

People Controls

• Security awareness training
• Remote working controls
• Screening

Physical Controls

• Physical security 
• Environmental threats
• Secure disposal

Technological Controls

• User endpoint controls
• Network security controls
• Malware protection
• Web filtering
• Segregation of networks
• Secure coding & SDLC
• Configuration management
• Monitoring and logging

Achieving Certification

In order to achieve ISO 27001 certification, Polygon Labs’ ISMS received a comprehensive external audit by an accredited certification body. 

The auditor assessed our ISMS against ISO standards across each of the four domains. 

Our audited ISMS is an embodiment of our information security practices, ensuring we meet the most stringent requirements. Auditors not only review documented processes and procedures to ensure they meet best practices—they also validate that Polygon Labs adhered to these standards in day-to-day operational activities. 

Details about certification

• Certification Standard: ISO/IEC 27001:2022
• Certification Directory: https://www.schellman.com/certificate-directory (Search for ‘Polygon Labs’)
• Certificate Number: #1636195-1
• Certification Date: March 13, 2024
• External Auditor: Schellman Compliance, LLC

Moving forward

Security is not an end-state, but a moving target in a dynamic environment of evolving risk. 

Polyon Labs will continue its ongoing commitment to security, building on the ISO 27001 compliance framework as a foundation for ongoing risk management. We hope to serve as a role model of industry best practices, raising the bar on security standards while developing software for scaling blockchains for mass adoption.

Tune into the blog and our social channels to keep up with updates about the Polygon ecosystem.

The future of Web3 is aggregated.

Website | Twitter | Forum | Telegram | Discord | Instagram | LinkedIn | Polygon Knowledge Layer