At Yandex.Metrica, security has always been our top priority. Being one of the world's most popular digital analytics systems, Yandex.Metrica processes large amounts of data, and making sure that all that data is safeguarded against all possible threats has been at the heart of every feature designed and launched. Now, we are proud to announce that our data security management system has been certified to the international ISO 27001:2013 standard. See the certificate.
Certification is an objective, third-party confirmation that the information security management system (ISMS) underpinning Yandex.Metrica's operations is rigorous and compliant with the best practices available today.
Our sister product AppMetrica, the all-in-one marketing platform for mobile apps, has also earned ISO 27001:2013 certification.
About ISO/IEC 27001:2013
ISO/IEC 27001:2013 is a leading international standard that defines the guidelines required to achieve the highest level of information security. The standard was developed by the International Organization for Standardization and the IEC (International Electrotechnical Commission) — independent, non-governmental international bodies.
What certification means
Certification confirms that the information security management system of an organization or individual product meets and mitigates security risks that affect data confidentiality, integrity, and availability:
— The ISMS comprises processes, legal frameworks, technology, data centers, and people involved in handling data.
— Confidentiality means that only authorized personnel have access to data, integrity means that the information is accurate and complete, and availability means that the information is accessible when required.
How a company gets certified
Certification is carried out by external certification bodies, which may or may not be accredited by a member of the International Accreditation Forum. Yandex.Metrica was certified by BSA, an ISO certification body accredited by ANAB (ANSI National Accreditation Board), a member of the IAF.
To get certified, a company must undergo a series of in-depth audits that probe into internal information security management processes.
ISO 27001:2013 certification is a continuous effort, as the certificate is only valid for a limited time and needs to be renewed regularly. We are committed to maintaining the highest security standards developed in the industry.
Why this matters for Yandex.Metrica users
Now our clients can be even more confident that the data they entrust to Yandex.Metrica is handled in compliance with the highest security standards. Moreover, ISO 27001:2013 certification makes it easier to run security audits of our analytics tool for organizations like financial institutions, mobile operations, and healthcare providers, who need to be doubly sure that all data risks are properly managed.
To ensure that our European clients can use Yandex.Metrica safely and securely, we also worked hard to meet the requirements of the European privacy framework, the GDPR. Learn more about the features that make Yandex.Metrica GDPR compliant.
If you have any questions about data security in Yandex.Metrica, please don't hesitate to ask.