Willow’s commitment to security
Cyber security is central to the very fabric of Willow’s approach as we deliver our products and services to customers. Willow’s vision of a connected future encompasses a broad digital ecosystem, which also comes with an increased risk of cyber-attack from a variety of threat actors. As part of our commitment to security, Willow maintains a dedicated team of cyber security professionals and has achieved ISO/IEC 27001 as well as SOC 2 Type 2 security certifications.
Current security frameworks
Willow has adopted a common information security architecture based on the zero-trust model that utilises industry guidance from organisations, including:
- The National Institute of Standards and Technology (NIST)
- The Center for Internet Security (CIS)
- The Open Web Application Security Project (OWASP)
- The Information Systems Audit and Control Association (ISACA)
- The American Institute of CPAs (AICPA)
- The Australian Cyber Security Centre (ACSC)
- The Australian Signals Directorate (ASD)
Willow has had its Information Security Management System certified by the International Organization for Standardization to ISO/IEC 27001. ISO/IEC 27001 requires an annual recertification audit by an independent third-party auditor. As a result, Willow adopts an overarching management process to ensure information security controls and risk treatments continue to meet the organisation’s information security needs. The scope of this certification encompasses all Willow working locations, technology infrastructure, products, and staff, including contractors.
SOC 2 Type 2
Willow’s SOC 2 Type 2 certification is conducted by an independent third-party auditor. This compliance standard is designed to give our customers confidence that Willow, as a service organisation, maintains and successfully operates appropriate controls relating to the security, confidentiality, and availability of the WillowTwin™ product.
Product & Engineering
- Engineers receive ongoing secure coding training, and internal and external providers perform regular penetration testing on all Willow-developed products
- Strong audit controls are in place and stringent deployment regimes are followed as new products move from development into production
- Willow maintains a robust set of security controls including encryption-in-transit and at-rest
- Willow regularly tests its business continuity and disaster recovery program
- Willow has a Security Champions Program which keeps security at the forefront of our product and engineering teams
- Willow is committed to remediating discovered vulnerabilities through a Vulnerability Disclosure Program
View our Vulnerability Disclosure Policy
- All Willow systems and products utilize Role-Based Access Control (RBAC) as well as Two-Factor Authentication (2FA)
- Security incident and event monitoring (SIEM) software is in place to detect and respond effectively
- Strong email protection systems
- Regular staff cyber awareness training, automated phishing simulation testing, and reporting programs
- The Willow Cloud architecture and products are fully aligned with Microsoft Azure Cloud and follow a stringent security and governance framework
- Microsoft has 15 global certifications, including SOC 2 and ISO/IEC 27001, 14 US government certifications, and over 60 country and industry-specific certifications
- Microsoft spends over $1 billion USD per year on cyber security as well as the physical security of their data centres
- Protecting the personal information of users and customers is important to Willow, and we adhere to local privacy legislation in all jurisdictions in which we operate, including the European Union General Data Protection Regulation (GDPR)
IoT Device security
- Our edge devices are security hardened, remotely updated, and do not require you to expose your systems to the internet
Please contact firstname.lastname@example.org for any queries or more information.