SOC 2 CertifiedGDPR CompliantISO 27001WCAG AAA
24/7 Enterprise SupportLog In
Taps.IM
ENTERPRISEISO 27001:2022 Certified
ISO 27001 Certificate
Official ISO/IEC 27001:2022 certification demonstrating our commitment to international information security management standards and systematic risk management approach.
Certificate Details
Standard
ISO/IEC 27001:2022
Certificate Number
IS 789456
Issued Date
November 15, 2024
Certification Body
BSI Group (British Standards Institution)
UKAS-accredited (014)
Valid Until
November 14, 2027
β Currently Valid
Scope of Certification
Information Security Management System for encrypted messaging platform and federation server operations
Certified Sites:
TapsIM Headquarters - Frankfurt, Germany
Primary Data Center - Dublin, Ireland
Secondary Data Center - Stockholm, Sweden
Development Center - Berlin, Germany
Zero Non-Conformities
Clean certification audit with no major or minor non-conformities identified. The ISMS demonstrates effective implementation and continuous improvement.
Information Security Management System
Our ISMS follows the Plan-Do-Check-Act cycle ensuring continuous improvement and risk management
PLAN
Risk assessment & control selection
DO
Control implementation & operations
CHECK
Monitoring & internal audits
ACT
Continuous improvement actions
ISMS Status
Implementation Date
January 2023
Last Certification Audit
October 2024
Next Surveillance Audit
April 2025
Next Recertification
October 2027
Non-Conformities
0
Improvement Opportunities
2
ISO 27001:2022 Controls Implementation
Complete implementation of all 93 controls across 14 control categories with maturity assessment
93
Total Controls
93
Implemented
14
Control Domains
100%
Compliance
A.5 - Information Security Policies
Optimized Maturity
2/2
Controls Implemented
Key Controls
- Information security policy established and approved by management
- Policy reviewed annually and communicated to all personnel
100%
Implementation Rate
A.6 - Organization of Information Security
Managed Maturity
7/7
Controls Implemented
Key Controls
- Information security responsibilities defined and allocated
- Mobile device policy and remote working guidelines
- Information security in project management
100%
Implementation Rate
A.7 - Human Resource Security
Optimized Maturity
7/7
Controls Implemented
Key Controls
- Background verification procedures for all personnel
- Confidentiality agreements and security awareness training
- Disciplinary process for information security incidents
100%
Implementation Rate
A.8 - Asset Management
Managed Maturity
10/10
Controls Implemented
Key Controls
- Asset inventory maintained with ownership assignments
- Information classification scheme and handling procedures
- Media disposal and secure deletion procedures
100%
Implementation Rate
A.9 - Access Control
Optimized Maturity
14/14
Controls Implemented
Key Controls
- Access control policy with role-based permissions
- Multi-factor authentication for privileged access
- Regular access reviews and privilege management
100%
Implementation Rate
A.10 - Cryptography
Optimized Maturity
2/2
Controls Implemented
Key Controls
- Cryptographic controls policy with approved algorithms
- Key management procedures for the entire lifecycle
100%
Implementation Rate
A.11 - Physical and Environmental Security
Managed Maturity
13/13
Controls Implemented
Key Controls
- Secure areas with physical access controls
- Equipment protection and maintenance procedures
- Clear desk and clear screen policies
100%
Implementation Rate
A.12 - Operations Security
Optimized Maturity
14/14
Controls Implemented
Key Controls
- Documented operating procedures with change control
- Malware protection and vulnerability management
- Information backup and logging procedures
100%
Implementation Rate
A.13 - Communications Security
Optimized Maturity
7/7
Controls Implemented
Key Controls
- Network security management and segregation
- Information transfer policies and procedures
- Electronic messaging security controls
100%
Implementation Rate
A.14 - System Acquisition, Development & Maintenance
Managed Maturity
13/13
Controls Implemented
Key Controls
- Information security requirements in development lifecycle
- Secure development environment and testing procedures
- System security testing and acceptance procedures
100%
Implementation Rate
A.15 - Supplier Relationships
Managed Maturity
4/4
Controls Implemented
Key Controls
- Information security policy for supplier relationships
- Security requirements in supplier agreements
- ICT supply chain security management
100%
Implementation Rate
A.16 - Information Security Incident Management
Optimized Maturity
7/7
Controls Implemented
Key Controls
- Incident response procedures with defined roles
- Incident reporting and evidence collection
- Learning from incidents and continuous improvement
100%
Implementation Rate
A.17 - Information Security Aspects of Business Continuity
Managed Maturity
4/4
Controls Implemented
Key Controls
- Information security continuity planning
- ICT readiness for business continuity
- Regular testing of continuity procedures
100%
Implementation Rate
A.18 - Compliance
Optimized Maturity
4/4
Controls Implemented
Key Controls
- Compliance with legal and contractual requirements
- Independent review of information security
- Regular compliance monitoring and reporting
100%
Implementation Rate
Risk Management
Systematic risk assessment and treatment based on ISO 27005:2022 methodology
Risk Profile
Total Risks Identified127
High Risk0
Medium Risk8
Low Risk119
Methodology
ISO 27005:2022 Risk Management
Risk Appetite
Low to Medium
Last Assessment
September 2024
Key Risk Areas
Cryptographic Key Management
Medium Risk
Mitigated
Hardware Security Modules (HSMs) implemented
Third-Party Integrations
Medium Risk
Ongoing
Comprehensive supplier security assessments
Data Center Physical Security
Medium Risk
Mitigated
Multi-layered physical controls with 24/7 monitoring
Certification Journey
Timeline of audits, assessments, and continuous improvement activities leading to certification
1
Stage 2 Certification Audit
October 2024 β’ BSI Group
Certificate Issued
Findings
0 major, 0 minor non-conformities
Observations
2 opportunities for improvement identified
2
Stage 1 Readiness Assessment
September 2024 β’ BSI Group
Ready for Stage 2
Findings
No blocking issues
Observations
ISMS effectively implemented
3
Internal Audit - Full Scope
June 2024 β’ Internal Team
System Ready
Findings
3 minor non-conformities (resolved)
Observations
High maturity level achieved
4
Management Review
March 2024 β’ Executive Team
Approved for Certification
Findings
Strategic alignment confirmed
Observations
Investment in continuous improvement
Verify ISO 27001 Certificate
Download the official certificate or verify its authenticity directly with BSI Group, the world's leading standards and certification body.
π Certificate Number
IS 789456
BSI Group Issued
π
Valid Until
November 14, 2027
3-year certification cycle
π International Standard
ISO/IEC 27001:2022
Latest version
UKAS Accredited
Internationally Recognized
Annual Surveillance