We are fully committed to ISO 27001:2022.

Our intent and planned course of action is to reach the first major milestone, Stage 1 Audit including Gap Analysis, in Q1 2024. As with all intended dates, this could change.

The Stage 2 Audit will follow, and then the final procedure of issuing the certificate. We have a team fully committed to this. But this is a complex undertaking, involving balena, external consultants, auditors, and others, so we cannot yet reasonably predict the final completion date.

As a global company we chose to pursue ISO 27001:2022 over SOC 2 Type II, as ISO 27001:2022 is more internationally recognized. We may pursue SOC 2 Type II after we complete ISO 27001:2022 compliance.

Related roadmap items and links:
- Enable secure boot and full disk encryption for x86 device types
- Implement audit logging for users and devices
- balenaMachine (balenaCloud for private environments)
- Active Directory SAML Integration for balenaCloud
- Organization-wide member settings for e.g. 2FA, visibility of user emails/names
- 2023 penetration testing (coming soon)
Update
- After working on the topic and figuring out the process and partners, we are now aiming for Stage 1 and Stage 2 in Q2/2024.
Update 28.03.2024
- We have a committed external Stage 1 audit of our ISO 27001:2022 compliant ISMS for the first week of May.
Update 11.06.2024
- An ISO 27001:2022 Stage 1 audit was conducted, raising six areas of concern. The final result was a recommendation to advance to the Stage 2 audit.
- We have assessed the concerns, created a corrective action plan, and implemented mitigations.
- Currently, we are preparing to schedule the annual internal audit and, subsequently, the ISO 27001:2022 Stage 2 audit.
Update 04.07.2024
- The internal ISO 27001:2022 audit is scheduled for 22.07.2024 - 26.07.2024.
Update 19.09.2024
- An internal ISO 27001:2022 audit was conducted, raising 8 minor nonconformities and 4 areas of concern. The auditor suggests mitigating and advancing to the Stage 2 audit.
- We have assessed the concerns, created corrective actions, and implemented mitigations.
- The external ISO 27001:2022 Stage 2 Audit is scheduled for 30.09.2024 - 04.10.2024.