When leaders search for the right work management software for their organization, they often focus on key features around planning, execution, reporting, and analytics. One area they often overlook, however, is security. 

Consistency and high standards are key when it comes to security. That’s where certifications from organizations like CSA and ISO come in. Here at Wrike, we believe the foundation of collaboration is developing a secure environment. Just as team members need to feel safe with their colleagues to maximize innovation and collaboration, businesses need structural security to optimize work.

“Standards bring people into alignment, and people that are aligned have been able to do the impossible.” — Lucas Szymanowski, Director of Information Security at Wrike

Wrike awarded CSA STAR Level 2 Certification

Wrike has successfully passed the Cloud Security Alliance (CSA) STAR Level 2 Certification  — one step above the Level 1 Self-Assessment, which we already had in place. CSA STAR Certification is a rigorous independent third-party assessment of Wrike’s cloud security posture and leverages the requirements of the ISO/IEC 27001:2013 management system standard together with cloud-focused specific requirements.

Wrike has also demonstrated conformance with CSA STAR Level 2 and ISO/IEC 27018:2019, the first international standard for cloud service providers, which addresses cloud privacy and protection of personally identifiable information (PII). This standard is a privacy-related extension to ISO/IEC 27002:2013 with a cloud service provider’s specific controls and clearly establishes privacy principles within ISO/IEC 29100:2011.

Diving deeper: What is CSA STAR?

CSA Security Trust Assurance and Risk (STAR) is the industry’s most powerful program for security assurance in the cloud. STAR encompasses key principles of transparency, rigorous auditing, and harmonization of standards. The STAR program provides multiple benefits, including indications of best practices and validation of the security posture of cloud offerings. 

Wrike Awarded CSA STAR Level 2 and ISO 27018 Certification 2
(Source: https://cloudsecurityalliance.org/)

The above image depicts three levels in the Open Certification Framework that STAR uses. Each one offers a different level of assurance.

Level 1: Self-Assessment

CSA STAR Self-Assessment is free and open to all cloud providers. It allows them to submit self-assessment reports that document compliance with CSA-published best practices.

Level 2: 3rd Party Certification

The CSA STAR Certification is a rigorous third-party independent assessment of the security of a cloud service provider. The technology-neutral certification leverages the requirements of the ISO/IEC 27001 management system standard together with the CSA Cloud Controls Matrix, a specified set of criteria that measures the capability levels of the cloud service. The independent assessment is done by an accredited CSA certification body and covers 16 CCM security domains.

Level 3: Continuous Auditing

CSA STAR Continuous Auditing enables automation of the current security practices of cloud providers. Currently, requirements for this level are not yet specified.

What are the benefits of being ISO/IEC 27018 conformant?

ISO/IEC 27018:2019 is the first privacy-specific international standard for cloud service providers that's tailored to cloud computing services. It contains specific guidelines related to reducing information security risks applicable to PII in a public cloud offering. 

For our users, this means:

  1. PII is treated according to local laws and regulations and can’t be used unless the customer consents to such use. The customer has control over their own data, and Wrike is restricted to processing PII only in accordance with the customer’s instructions.
  2. PII is safeguarded when it’s transmitted over public networks or stored on mobile devices, or when data is recovered or restored.
  3. If a data breach occurs, Wrike is to notify the customer immediately, maintain a clear record of the incident, and assist the customer in remaining compliant with their own security obligations.
  4. Wrike discloses the list of data subprocessors, and customers are able to find this information before signing in.

Wrike’s passion for security 

In Wrike’s study of 1,000+ professional services leaders, 75% said that data security was a big concern for clients, and 60% reported that those concerns kept them from being agile or building strong relationships.

The fact is, security is at the heart of collaboration. Internal and external teams need a safe space to communicate, innovate, and work so they can stay on top of projects.

Along with being the leaders in our space, Wrike continues to be a pioneer in security. We‘re dedicated to making Wrike the most secure and reliable collaborative work management platform on the market. We’re always adding new tools and features to help teams stay nimble but secure. For example, Wrike is already the holder of four security certifications:

  • SOC 2 Type 2 shows our commitment to taking a mature, robust, and secure approach to products, processes, and safeguarding customer data.
  • ISO/IEC 27001:2013 ensures Wrike holds a holistic information security management system (ISMS) with a risk-based approach and constantly demonstrates its continuous improvement, which is aligned with the requirements of international standards.
  • ISO/IEC 27018:2019 shows Wrike measures to protect PII in accordance with the privacy principles in ISO/IEC 29100 for the public cloud computing environment.
  • CSA STAR Certification demonstrates that Wrike as a cloud service provider has conformed implementation of best practices in the provision of security within its cloud service, and has been independently assessed against the Cloud Controls Matrix (CCM) for the management of activities in cloud security control areas.

Our advanced security features help your teams focus on what really matters. Want to learn more about how Wrike helps you stay secure as you grow your business? Visit https://www.wrike.com/security/.