Category: Platform & product updates Published: 20 February 2020 Author: Darish Rajanayagam

Digital security is on everyone’s mind and for good reason. Around the globe, great minds are at work designing security protocols to combat cybercrime. (Of course, cunning  minds are also at work trying to thwart those protocols.) Suffice it to say, the world can be a big scary place for data. 

But Ingram Micro Cloud and CloudBlue customers need not fear. We’re committed to remaining on the forefront of security advances. As proof, we’re now ISO/IEC 27001-certified. This certification is a significant milestone, demonstrating that Ingram Micro Cloud and CloudBlue meet the most stringent,  internationally recognized security standards. 


But what does certification really mean—and why does it matter? 


What is ISO/IEC 27001?

The International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) is an independent, international standards-setting body. Through its membership of multi-national standard bodies comprised of experts in various domains of cybersecurity, it develops consensus-based, market-relevant international standards. 

ISO/IEC 27001 is an international information security standard, adopted by the ISO/IEC and intended to bring information security under management control by establishing a framework for all policies, processes and technical controls related to security. The framework covers all aspects of the business, including legal, physical, technical and operational controls. 

Following the successful completion of an audit, organizations that meet the requirements may be certified by an accredited certification body. And we’ve done it.

ISO/IEC 27001 certification requires an organization to:

  • Systematically examine its information security risks, taking account of the threats, vulnerabilities and impacts
  • Design and implement a coherent and comprehensive suite of information security controls and/or other forms of risk treatment (such as risk avoidance or risk transfer) to address any risks deemed unacceptable
  • Adopt an overarching management process to ensure information security controls continue to meet the organization's information security needs on an ongoing basis 


What does it mean for Ingram Micro Cloud and CloudBlue to become ISO 27001-certified?

Achieving compliance with ISO 27001 ensures Ingram Micro Cloud and CloudBlue have a comprehensive and mature security program in place that aligns with industry standards. This certification involved aligning our existing policies, processes and technical controls with the requirements set out by the standard, including:

  • Governance framework of policies and procedures 
  • Information security training and awareness programs
  • Control-implementation guidance in ownership and accountability processes
  • Prompt identification and mitigation of security risks
  • Continuous improvement strategies of the security posture

In short, it means we’ve proven we’re not only committed to security from the top down and inside out, but that we also have the controls in place to ensure our policies and practices are enforced. 


What does ISO 27001 certification mean to you as our customer?

Our ISO 27001 certification is evidence of our ongoing commitment to customer satisfaction by demonstrating the following core values: 

  • Security is a priority in everything we do, from new product development to day-to-day operations.
  • Operational excellence is our commitment in all areas, including software development, IT and information processes.
  • Exceptional results are our goal by having an organized process structure and defined strategy.
  • Continual improvement is how we operate, addressing evolving security threats by identifying vulnerabilities and mitigating risks.
  • Compliance with all privacy standards and requirements is an integral part of our business, including GDPR, CCPA and PCI.  
  • A proactive approach is how we operate, creating a secure framework for an enhanced customer experience.


We’re not stopping here

ISO 27001 certification attests to the maturity and sophistication of the Information Security program established for Ingram Micro Cloud and CloudBlue, but we’re taking it even further by using ISO 27001 certification as the foundation for achieving additional security certifications. For example, our ISO 27001 compliance efforts dovetail perfectly with our PCI DSS and Azure MSP Expert certifications:


Certification ISO 27001 Impact
PCI DSS Several security requirements overlap, and ISO 27001 certification improves these processes to ensure ongoing adherence for this important information security standard.
Azure MSP Expert ISO 27001 certification also improves our Azure MSP Expert certification process, simplifying the annual renewal of this gold-standard rating.


We’re proud and honored that you chose us to be your cloud partners, and we’ll continue to reach for the clouds in our internal security protocols—keeping your concerns foremost at all times.


Darish Rajanayagam
Darish Rajanayagam CISSP – Vice President, Technical Operations, Ingram Micro Cloud

Darish leads software development, IT, platform management & operations, as well as security & compliance for Ingram Micro Cloud and CloudBlue. His experience spans cloud, eCommerce, enterprise application, networks and datacenters. He’s skilled in bringing concepts to market, while improving organizational efficiencies through process optimizations and leveraging the latest tools and technologies.