Enhancing Customer Trust Through Security: Udemy Business is Now ISO 27001 Certified
A message from Chad Kalmes, Chief Information Security Officer at Udemy:
The repercussions of not having the right information security controls in place are more costly than ever. According to IBM, the global average cost of a data breach is $4.88 million USD — a figure that has grown by 10% in the last year alone to the highest amount on record.
As Udemy’s Chief Information Security Officer, it is both my duty and my privilege to safeguard our customers’ data, and to earn and maintain their trust every single day. That’s why today, I am excited to share a significant milestone in Udemy’s ongoing commitment to security, trust, and privacy: effective August 7th, 2024, the Udemy Business platform is officially ISO 27001 certified.
ISO 27001 Explained
Going beyond Udemy’s existing SOC 2 Type 2 attestation, ISO 27001 (specifically, ISO/IEC 27001:2022) sets the framework for establishing, implementing, maintaining, and continually improving an Information Security Management System, serving as an internationally recognized standard for managing information security.
Achieving this certification is no small feat; it requires rigorous assessment and validation by an accredited external auditor, ensuring that security practices meet the highest global standards, and are independently verified.
The Value of ISO 27001 Certification for Udemy Business Customers and Partners
- Externally Validated Security Posture: ISO 27001 certification validates that Udemy has robust, systematic security controls. It demonstrates how Udemy is proactively identifying and managing risks, continuously improving security processes, and protecting Udemy Business customer and partner data from potential threats.
- Ongoing Trust and Confidence: Trust is the foundation of any successful relationship, but Udemy recognizes we need to earn and maintain that trust with our customers each day. By achieving ISO 27001 certification, Udemy continues to illustrate that customers’ and partners’ sensitive information is handled with the utmost care and security.
- Regulatory Compliance: In an environment where data protection regulations are becoming increasingly stringent, ISO 27001 provides our customers with additional third-party validation that we’re proactively seeking out additional ways to protect consumer data and maintain an ongoing focus on information security.
- Operational Excellence: The ISO 27001 certification process involves continuously monitoring and improving our security practices. Udemy’s commitment to excellence means we continue to maintain appropriate information security practices, ensuring our systems are resilient and processes are effective.
Udemy’s Ongoing Commitment to Security, Trust, and Privacy
Achieving ISO 27001 certification is a significant milestone, but it is neither the beginning nor the end of Udemy’s security journey. It represents the next iteration of our unwavering commitment to continuous improvement and our dedication to providing the highest levels of security for our customers’ and partners’ data.
Here are some examples of the additional steps we are taking to maintain and enhance our security posture:
- Continuous Monitoring and Improvement: We regularly review and update our security policies and procedures to adapt to new threats and challenges. Our team stays vigilant, monitoring for potential vulnerabilities, and addressing them promptly.
- Employee Training and Awareness: Security is a collective effort. We invest in ongoing training and awareness programs for our employees with leading third-party providers, and also leverage the Udemy platform’s network of more than 1,400 security-specific courses and labs available in 16 different languages. This breadth of exposure to training ensures that all employees have the most up-to-date knowledge and skills to protect consumer data effectively.
- Cutting-Edge Technology: Our Product, Engineering, and Data Science teams continually leverage the latest security technologies and best practices to safeguard our systems and consumer data. As we move into an increasingly AI-driven era, our commitment to innovation ensures we remain ahead in the ever-evolving landscape of cyber threats.
- Customer Collaboration: We believe in working closely with our enterprise customers to understand their security concerns and requirements. This feedback is invaluable in helping Udemy refine its practices and stay ahead of emerging threats, ensuring that we adopt and adhere to the standards and frameworks most relevant to the needs of our customers and partners.
Looking Ahead
As we celebrate this achievement, we remain focused on the future. Like our SOC 2 Type 2 report before it, our journey to ISO 27001 certification is just one more part of our broader mission to provide exceptional security, trust, and privacy to our customers. We will continue to strive for excellence, adapt to new challenges, and uphold the highest standards in everything we do – transforming learning through secure and innovative technology. Thanks to all of our customers and partners for their trust and support. We look forward to continuing this journey together.