It is with excitement that we announce OneSky has applied for, and received, ISO 27001 Certification: an assurance to our customers of the confidentiality, integrity, and availability of our data services.
ISO is the International Organization for Standardization, encompassing the standards of more than 160 countries. ISO 27001 specifically is the international standard for information security, comprising policies and practices that ensure protection of information throughout a solution and an organization.
Achieving ISO certification is a significant undertaking: but at OneSky, we believe this process and the protection of our customer’s data is a critical piece of a UTM solution. “For a company of our size to pursue this certification and embrace it as a core value - is a differentiator,” says David Downs, OneSky’s Head of Information Technology. “It’s adopting a set of mature business practices that protects the customers confidentiality.”
Cybersecurity is Critical – Now, More than Ever
Advanced air mobility capabilities and UTM solutions are developing rapidly. At the same time, air navigation service providers (ANSPs) are undergoing a digital transformation, moving from traditional server-based systems to digital, cloud-based systems. These digital systems are more scalable - but represent a new area of security that providers like OneSky must commit to understanding and protecting.
OneSky’s development has been focused on providing world-class security from the beginning: so certification required primarily that we document and formalize our systems. “In many industries, security has been an afterthought,” Downs says. “At OneSky, we integrated security up front and made it part of the development process. It was a leading requirement, so designing it from the beginning was critical.”
The ISO 27001 certification includes over 114 annex controls that cover everything from business continuity at the company level to the protection of individual data elements, like flight paths and drone data. To meet these controls, all development teams, partners and suppliers need to be part of the process, in addition to the OneSky organization.
“OneSky’s solutions are real operational air traffic management systems, with lives at stake,” says Downs. “This certification is a way of proving that we are doing the right things to protect our customer’s information. We’re vetting down the supply chain and providing a more secure solution.”
Integrating Security into Everything We Do
Mike Hoodspith, OneSky’s Vice President of International Business Development, says that one of the benefits of the certification process is in getting the entire company focused on the issue. “Cyber security is a huge issue,” says Hoodspith. “At the end of the day, this is critical infrastructure and critical systems.”
“The certification process really brought the whole company together around the idea of security. ISO certification hardens your capability to supply secure systems to your customers. Truthfully, every company should be updating their standards around cybersecurity.”
David Downs agrees. “Ultimately, the customer is the winner – but our employees are winners too,” he says. “We’re integrating security into the thinking processes of the entire company, from basic email handling to product design. “