Information Security and ISO/IEC 27001
RETENTION YES Inc., the entity that provides the Reteno platform, operates an information security management system (ISMS) certified to ISO/IEC 27001:2022. The certification demonstrates that information security for the development, operation, and administration of the platform is managed through a structured, independently audited framework.
What ISO/IEC 27001 Is
ISO/IEC 27001 is an internationally recognized standard for establishing, operating, maintaining, and continually improving an information security management system.
The standard is based on three core principles of information security:
- Confidentiality — information is accessible only to authorized people, systems, and processes.
- Integrity — information is protected from unauthorized or improper changes.
- Availability — information is accessible when it is needed.
At its core, ISO/IEC 27001 requires an organization to identify information security risks, decide how to treat them, implement appropriate controls, and review those controls on a regular basis. The :2022 designation refers to the current version of the standard.
What This Means for You
Reteno’s ISO/IEC 27001:2022 certification provides independent evidence that the platform operates under a documented and audited information security management system.
For customers evaluating Reteno during a security, legal, or procurement review, the certification helps demonstrate that established processes are followed for managing information security risks and maintaining security controls over time.
These controls may include organizational, people, physical, and technological safeguards such as access management, encryption, monitoring, vendor management, incident response, and regular security reviews.
ISO/IEC 27001 also supports Reteno’s broader security and privacy posture, including the controls that underpin Reteno’s data protection commitments.
Certificate and Scope
Reteno’s ISO/IEC 27001:2022 certificate is issued to RETENTION YES Inc., the entity that provides the Reteno platform.
The certification covers the development, operation, and administration of the platform.
A copy of the certificate, including the certifying body, certificate number, issue date, expiry date, and full scope statement, is available on request. To request it, contact [email protected].
Related Compliance
- GDPR — Reteno supports GDPR compliance through a Data Processing Agreement and Privacy Policy. See GDPR Overview.
- HIPAA — for guidance on protected health information and Reteno, see HIPAA and Protected Health Information.
Disclaimer
This page is provided for general informational purposes only and is not legal advice. Security and compliance requirements may depend on your organization, industry, location, and use case. Consult your legal, security, and compliance advisors when evaluating Reteno for regulated data processing.
