ISO Certification Blog Post

By Kathryn Gerlock, VP of information security at StayWell

Information security is a critical component of nearly every business these days, but it’s especially important when it comes to protecting highly sensitive health information. News stories continue to report on recent hacks, an increase in security threats, and the expanding lengths businesses are going to in order to maintain stronger security measures. As more work moves to technology platforms and cloud-based systems, the need for stronger IT security grows.

When a business manages client health information, including hundreds of thousands of sensitive patient health records, security measures must be at their best. At StayWell we take that role very seriously and understand the enormous responsibility that comes with it. And since we also operate programs that interface with major hospitals and health care systems, the need for a strong IT security system is paramount for success.

What is the ISO 27001 Certification?

StayWell’s commitment to trust and security goes beyond just good client service. We recently achieved ISO/IEC 27001:2013 Certification for our My StayWell Platform, Krames On FHIR®, and Krames On-Demand® products. ISO 27001 is an information security standard published by the International Organization for Standardization (ISO). This certification requires adherence to rigorous international security standards to ensure the confidentiality, integrity, and availability of our systems and of the data entrusted to us, including health information. By subscribing to this standard, StayWell demonstrates its commitment to maintaining and continually improving a high standard of information security.

StayWell’s ISO 27001 Information Security Management System (ISMS) is designed to extend beyond just United States regulations, allowing us to adopt and meet strict IT security requirements for non-U.S. countries. This creates additional assurance that all information contained within StayWell’s in-scope systems is maintained according to international regulations. It also outlines how we will handle security risks and explicitly defines necessary security controls.

Why is the ISO 27001 Certification important?

ISO 27001 is a specification for an ISMS that defines policies and procedures to protect an organization’s information assets, including legal, physical, and technical controls within the organization’s risk management system. The ISMS requires that those who interact with StayWell’s information assets fully understand and comply with the necessary processes, policies, and procedures. Maintaining ISO certification also requires StayWell to continually improve upon its standards, in accordance with the governing body, in order to retain that status.

StayWell’s ISO/IEC 27001:2013 certification scope states:

StayWell’s ISMS encompasses StayWell’s Information Security department and supporting personnel, processes, and procedures, covering business activities related to the security of provisioning, operating, maintaining, and managing services provided to StayWell customers. Specifically, the security of StayWell’s production systems, production data, and production processes that support StayWell’s My StayWell Platform, Krames On FHIR product, and Krames On-Demand product. Systems, data, and processes outside of these specific StayWell products and services are excluded.

As new security threats evolve, and greater risks are posed to sensitive records, clients can trust that StayWell continually strives to have the highest level of security protection in place. Contact us directly for more information about the certification and StayWell's commitment to security.