Our Commitment to International Standards: Procore and ISO27001:2013
We understand that there’s a lot of trust on the part of our customers to keep their data on the Cloud. Security is a top priority for Procore, and we continue to invest significantly in broad initiatives to ensure that our customers’ data is safe, secure and private.
Procore is committed to protecting its clients, subscribers, employees and Procore from damaging acts that are intentional or unintentional. Effective security is a team effort involving the participation and support of every Procore user who interacts with data and information systems.
Procore understands the International Organization for Standardization (ISO) 27001:2013 is the de facto international standard for an Information Security Management Program. Procore decision to pursue a globally respected industry benchmark standard demonstrates a commitment to its Information Security Program and to its customers and business partners.
What is ISO 27001:2013?
In order to achieve a successful ISO 27001:2013 certification, Procore’s information security management system (ISMS) focuses on Procore’s ability to ensure its organizational structure, information systems, policies, practices, procedures, processes and controls are protecting the confidentiality, integrity, and availability of its information systems.
Scope for the audits
The scope of the ISO 27001:2013 certifications is reflective of Procore’s network infrastructure and all corresponding products and services offered across our entire Platform.
This includes the management of research & development, IT operations & maintenance, and delivery of excellent customer support, which are centrally managed out of the Procore’s headquarters, and supported from the following in-scope office locations: Carpinteria, CA, Alameda, CA, Austin, TX, New York, NY, Portland, OR, San Diego, CA, San Francisco, CA, Willmar, MN, London, United Kingdom, Sydney, Australia, Toronto, Canada, and Vancouver, Canada.
Procore’s security controls for managing the IaaS environment are included in the scope of this certificate, with the exception of the physical and environmental controls which are provided by our hosting service, AWS. Please view AWS Compliance information (including ISO certifications) here: https://aws.amazon.com/compliance/
What this means for Procore customers?
To uphold the same levels of trust that our customers invest into Procore, these 3rd-party audits and certifications of our systems provide aim to provide a high level of confidence and trust in our ability to assess security risks associated with your data.
Furthermore, it illustrates to Federal, public, and private entities that an accredited agency has independently assessed Procore’s security program which has satisfied the ISO industry best practices and controls.
While Procores ISO27001:2013 certification does not automatically apply to your organization, if you are looking to pursue these compliance initiatives, then our certifications will help simplify the process for your organization
Procore’s ISO 27001:2013 Stage 1 Certification Letter and next steps
Procore has achieved ISO 27001:2013 Stage 1. Click here to download a stage 1 recommendation letter.
Our team is currently in the process for the ISO27001 Stage 2 Certification and will continue to evaluate and pursue programs based on our customers needs.