Information Security (ISO 27001)

The passenger’s right to privacy, requirements to protect a customer's personal information (PII), and the processing standards that are required to collect PII, are well established. However, what about the systems that support these standards? The standards require us to report a security breach, which is good, but what about preventing a breach in the first place? That is where Information Security comes in.

It is an ISO (International Standards Organization) certification that provides a framework for Information Security. This includes specific policies, procedures, controls, testing and documentation, which together provide a secure operating environment for all of drvn’s systems, information, trade data, and PII. The ISO 27001 framework is what gives us the comfort to know our Privacy Policies are built on a solid foundation.

The 27001 standard requires the creation, upkeep, and continual improvement of a comprehensive information security management system (ISMS). The ISMS oversees and documents the recording, storing, and encrypting of all our clients and passengers personally identifiable information (PII).

More on the ISMS drvn’s implementation of its ISMS ensures that we formalize, standardize, test, and retest processes for user and endpoint management, risk assessments, penetration testing, and day-to-day tasks. This covers all the security implications such as the onboarding of our employees, our driver’s drivers, our partners and our customers.

The requirements for 27001 are recognized by other standards as a building block for their own standard. This includes NIST 800-171, SOC 2, CMMC 2.0, and GDPR. At drvn, we take privacy, information security, and the protection of all personally identifiable information very seriously. We apply these security standards and guidelines to all of our clients across every industry, wherever you are.