Security is key at WeTransfer. People trust us with their documents, their art, their personal memories, their work. So it’s vital that we live up to that trust, not just today, but going forward. As the security landscape evolves, our systems and processes need to evolve to match. A few years ago, this meant adding two-factor authentication and email verification for all accounts. In today’s world, it means looking holistically at every part of how our company works. And that’s why I’m proud to say that our ongoing efforts on the security front have been recognized, and we’ve just achieved ISO 27001 certification.
Perhaps it doesn’t sound super exciting, but our commitment to the highest security standards enabled us to get certified, and ensures that we have the know-how to protect all the information we hold. And that includes a set of policies around setting up a comprehensive security system (or “Information Security Management System”, if you’re keen on capitals). The certification also gives us a framework for implementing that system in a coherent, cost-effective, and successful fashion. And, it proves to you that we’re living up to our promises to always keep your data as secure as possible. It’s part of the responsibility that comes with being a B Corp—providing the best possible service, constantly looking for improvements, always following the highest international standards, and being transparent in doing so.
Achieving certification has taken two years. That may sound a long time, but we didn't want to just tick the box—we wanted to do the job thoroughly. We've embraced the framework inits entirety and incorporated the controls introduced by ISO 27001 without losing our unique ways of working. It has involved some intense self-examination and a real commitment across the whole of WeTransfer, requiring us to scrutinize the wider contexts—from relationships to regulations—in which we operate. And it has impacted how we secure everything from our physical space to information, how we collaborate with our partners, how we build software, and how we allocate resources. It’s also changed how we communicate with each other, and with our wider community, including you.
We’ve now put processes in place to ensure that we keep a constant focus on security— where problems may come from, how to mitigate risks, how to solve underlying issues, and how to create safeguards to prevent them arising in the future. ISO 27001 requires that these safeguards be implemented in a systematic form, one that is hardwired into the company and its decision-making processes, and one that is constantly monitored as we go forward. We’re confident we’ve achieved just that.
Like your trust, security is not something we’re ever going to take for granted. Keeping track of a rapidly changing environment, with the new safety risks that will inevitably arise, will always remain top of mind.
As you may have gathered, we’re pretty pleased about this achievement. It puts us—and you—in a good place. And thank you for reading this far in a tech blog. That makes us feel loved too.