CIRQ (the Certification Institute for Research Quality), an International Standards Organization (ISO) audit and certification body that is a subsidiary of the Insights Association, has awarded certification to Seattle-based Discuss.io for compliance with ISO 27001, one of the most widely recognized and internationally accepted information security standards.
The certification has been verified by CIRQ partner PECB, globally recognized and accredited by IAS (International Accreditation Service). Accredited certification to ISO 27001 involves undertaking regular reviews and internal audits to ensure the continual improvement of the ISMS. Discuss.io’s certification will be verified annually by CIRQ’s independent audit establishing continued compliance and protection of data.
ISO 27001 provides a framework for companies to manage their data security. It establishes requirements for information controls to manage people, processes and technology. The standard covers the technological aspects of security as well as corporate security, physical security, etc., and relies on regular risk assessments, enabling a company to consistently identify and treat security threats. ISO 27001 is accepted worldwide as an assurance that proper and continual measures have been taken to protect valuable company data.
Founded in 2012, Discuss.io is an Insights Association member company that has developed a cloud-based (SaaS) qualitative market research and insights platform for recruiting and conducting webcam-based focus groups and consumer interviews. This solution allows companies to recruit and connect directly, within days, with respondents anywhere in the world.
The scope of Discuss.io’s certification covers its software development and service delivery process (online video market research projects).
"We wanted to make information security and privacy part of our DNA early. It was important for us that we achieved ISO 27001 certification so we can continue to grow, knowing our foundation is stable,” said Juan Porta, Discuss.io’s Information Security & Compliance Officer. “Similarly, we knew it would provide a level of confidence to our users and customers that their personal data is secure with Discuss.io. Without a doubt, CIRQ helped us to achieve our planned objectives. We needed to know that we’re doing everything properly, and CIRQ supported us throughout the audit and certification process.”
To achieve ISO certification, Discuss.io engaged in an in-depth risk assessment, a comprehensive review of all information security policies and procedures, and internal audits. As a further step in the validation, the company’s information security management system was assessed via review of its documentation, practices, and controls.
About ISO 27001
ISO 27001 provides requirements for establishing, implementing, maintaining and continually improving an information security management system. The information security management system preserves the confidentiality, integrity and availability of information by applying a risk management process and gives confidence to interested parties that risks are adequately managed. It is important that the information security management system is integrated with the organization’s processes and overall management structure and that information security is considered in the design of processes, information systems, and controls. It is expected that an information security management system implementation will be scaled in accordance with the needs of the organization. This International Standard can be used by internal and external parties to assess the organization’s ability to meet information security requirements. ISO 27001 can be mapped to other information security schemes such as HITRUST, NIST and SOC 2. Compliance with the standard also enables a company to meet global security laws, such as the NIS Directive and the GDPR.
Discuss.io is a leading online research platform for enabling brands to discover actionable insights and build consumer connections at scale. Discuss.io provides a live video platform and end-to-end services, including recruiting and moderation, for an all-in-one or flexible solution to enable quick, easy, and scalable access to consumers around the world. Brands use Discuss.io to have frequent and direct conversations with consumers around the world, leading to deepened empathy and understanding, better products, and more effective marketing.
A subsidiary of the Insights Association, CIRQ (the Certification Institute for Research Quality) was established to provide assessment and certification services to market research firms seeking certification to ISO 20252 and ISO 27001. A non-profit entity, CIRQ is committed to providing timely, thorough and impartial assessments of its customers' quality management or information security management systems in regard to certification to corresponding standards. CIRQ was established in compliance with all ISO requirements for certification bodies that provide auditing and certification services. To conform to its mandate of objective and impartial audits to these ISO standards, CIRQ is independently operated and managed under the oversight of an independent Board of Directors and submits to annual moderation by external authorities on ISO certification bodies.