Ensuring data protection: Road receives ISO 27001 certification

23 May 2024

At a glance

Road has obtained ISO 27001 certification, encompassing all operational areas including product development, marketing and customer support. ISO 27001 is the international standard for information security, mandating extensive measures such as secure engineering, limited data access and robust internal audits.

ISO/IEC 27001:2022 is the leading standard for information security, which outlines various requirements to manage risks related to the availability, confidentiality and integrity of data. To obtain certification, companies must demonstrate they have numerous security measures in place, including secure engineering principles, approval and testing within software development, limitations on data access and internal audit processes.

Vincent van Vaalen, CEO of Road, says: “Securing our ISO 27001 certification marks a pivotal milestone in our journey, underscoring our unwavering commitment to safeguarding our customers’ data. This achievement is not just a testament to our dedication to data protection, but it illuminates the path we’ve taken to ensure our platform remains a beacon of safety, scalability, and reliability. We’re proud that it reaffirms our promise to deliver a charging service that our customers can trust.”

Data protection has been built into the Road platform from the start, with the implementation of the same security architecture and development practices used by some of the leading Silicon Valley tech companies.

However, the management of information security risks requires consistent vigilance to ensure every process within the company adequately addresses potential threats. The process of ISO/IEC 27001:2022 certification helped us to fine-tune our implementation of an Information Security Management System, to ensure that we’re prepared to face the challenges of increasingly sophisticated cyber security attacks, an evolving regulatory landscape, and a fast-growing base of customers and employees. In addition, we performed a thorough review of our data protection measures.

Where possible, we have automated processes to avoid the risk of manual error and ensure the scalability of the system. We also identified areas of concentrated skills and knowledge, and increased the resilience of our processes to ensure business continuity.

Achieving ISO/IEC 27001:2022 certification demonstrates to our customers that we take information security seriously, and deliver on our commitment to protect our customers' data. Firstly, it emphasises our commitment to the maximum availability of our eMobility services, through monitoring, system redundancy, data back-up, and incident management procedures.

Secondly, it shows we have controls in place to protect privacy-sensitive data, including the prevention of unauthorised access, vendor security reviews and data anonymisation.

Finally, it illustrates how we facilitate accurate and reliable charging transactions via the implementation of data integrity checks, security testing in the development process, and the secure transfer of information.
