ISO 27001 Certification Simplified

Flo achieves ISO 27001 certification and becomes first period & ovulation tracker to meet world-class security standards.

What is ISO 27001?

ISO 27001 (Information Security Management) is an international standard and benchmark that audits and assesses all companies’ policies, processes, and safeguards when it comes to data security.

What does this mean for me and my data?

Millions of women and people who menstruate around the world trust us with the most intimate information about their health and well-being. Achieving ISO 27001 certification means that Flo protects users’ data against information risks, such as cyberattacks, hacks, data leaks, and theft, at the highest standard possible.

What has Flo done to obtain the ISO certification?

To become ISO 27001 certified, Flo created new guidelines around security, tested all of our controls across 14 domains, ran comprehensive training for all staff at Flo, and completed rigorous audits performed by external companies. The project took 9 months, and we are happy to say that Flo passed with a score of 100%.

What does the company commit to doing while being ISO 27001 certified?

By obtaining the ISO 27001 certification, the company commits to protecting three aspects of information:

  • Confidentiality: Only authorized persons have the right to access information.
  • Integrity: Only authorized persons can change the information.
  • Availability: The information must be accessible to authorized persons whenever it is needed.
Is ISO 27001 mandatory?

No. But since we are aware of the intimate nature of the data you trust us with, we are committed to being proactive when it comes to the security of this information. Therefore, obtaining ISO 27001 certification is the highest priority for Flo. We also believe that our example will empower the whole industry to raise the bar when it comes to security principles.

What are ISO standards and why are they important?

ISO standards in different areas, from pens to aircraft, are created to guarantee quality on a global level. Each of the standards was developed by the International Organization for Standardization (ISO) — an independent, nongovernmental, international organization that unites professionals in their areas to set the standards for the quality of goods or services. 

ISO 27001 is the only auditable certification in the world that defines the requirements of an information security management system (ISMS), and it’s the foundation for the standards and rules we adhere to. It covers 14 domains of security to ensure all areas are adequately assessed.