Rippling obtains ISO/IEC 27001 certification

Published

Oct 26, 2023

Rippling is excited to announce that it has successfully achieved ISO/IEC 27001 certification. 

The scope of this audit was company-wide and incorporated all of our products. This gives our customers assurance that Rippling has implemented mature security controls across our entire platform—highlighting our commitment to keeping our customers’ data secure.

ISO 27001 compliance is evidence of Rippling’s continued investment in building a security program that meets global security standards. According to Duncan Godfrey, our Chief Information Security Officer, it validates Rippling’s readiness to support Enterprise customers and ensure the protection of their data:

I’m very proud of the Security Program we are building here at Rippling, and testing it against the high bar of ISO 27001 compliance was an exciting step for us. It shows we are ready to meet the high security expectations of Enterprise customers.

Duncan Godfrey

CHIEF INFORMATION SECURITY OFFICER AT RIPPLING

What is ISO/IEC 27001?

The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) co-published this internationally recognized certification. It defines the requirements for setting up and maintaining an information security management system (ISMS), which is a documented set of policies that govern and protect an organization’s sensitive data. An ISMS acts as the central hub for an information security program. It helps companies identify cyber risks, address security vulnerabilities, and proactively manage any threats by spelling out action plans in the event of a breach. 

Rippling’s ISMS is embedded across the entire organization to ensure security is a key pillar of our strategy. 

Rippling’s other new security certifications

In addition to ISO/IEC 27001, Rippling has also achieved certifications for ISO/IEC 27018 and CSA STAR Level 2. 

  • ISO/IEC 27018 establishes security codes for cloud service providers who deal with personally identifiable information (PII) from customers. Organizations with ISO/IEC 27018 certification have controls in place to maintain PII rights, comply with privacy requirements, and ensure accountability for how sensitive personal information is processed. 
  • CSA STAR Level 2 The Cloud Security Alliance STAR Program maps best-in-class security frameworks to one unified control set called the CSA Cloud Control Matrix (CCM). This framework has a strong focus on a modernized cloud security approach. The certification assures customers that Rippling has developed security controls that are both appropriate and effective for a cloud-first environment. You can view our latest certification in the public CSA registry here.

Protecting sensitive data is crucial. You’re safe with Rippling.

As an all-in-one HR, IT, and Finance solution, employee data is at the center of everything Rippling does, which is why we go the extra mile to protect this sensitive information. In addition to the new certifications, Rippling is also SOC 1 and SOC 2 compliant and adheres to industry best practices. 

Learn more about Rippling’s comprehensive security and data protection features here

Rippling and its affiliates do not provide tax, accounting, or legal advice. This material has been prepared for informational purposes only, and is not intended to provide, and should not be relied on for tax, legal, or accounting advice. You should consult your own tax, legal, and accounting advisors before engaging in any related activities or transactions.

last edited: March 26, 2024

Author

The Rippling Team

Global HR, IT, and Finance know-how directly from the Rippling team.