The certification demonstrates alignment with cybersecurity standards that will further safeguard open source products and services for use in the most demanding enterprise environments.

Canonical is proud to announce it has achieved the ISO/IEC 27001 certification for its Information Security Management System (ISMS), following an extensive assessment by A-LIGN, a respected certification provider. This milestone highlights Canonical’s commitment to policies, processes and controls that support the confidentiality, integrity and availability of internal and customer data, supplier information, and the company’s corporate infrastructure environment.

“Achieving the ISO 27001 certification is a testament to our team’s unwavering commitment to information security,” said Stephanie Domas, CISO at Canonical. “It validates that our processes meet the highest global standards, giving our customers and partners the confidence that their data is protected with the utmost care and rigor. This isn’t a one-time achievement, but a promise to continuously strengthen our security posture as a core part of our business.” 

Robust information security for customers

ISO/IEC 27001 is among the most widely recognized and internationally accepted information security standards. 

Benefits to Canonical customers include:

• Data security – Customers can rely on established processes and best practices to safeguard data and handle incidents.
• Regulatory compliance – Customers can demonstrate that Canonical  is certified by an internationally recognized standard to help in their own regulatory compliance efforts.
• Commitment to improvement – One of the key requirements of ISO/IEC 27001 is continuous improvement. Maintaining the certification means Canonical will continue to improve its security and resilience.

An ongoing commitment

Achieving ISO 27001 certification is not a one-time event – it’s a continuous journey towards excellence. Canonical is  committed to maintaining a high standard of quality and correctness, aiming to continuously improve its  security posture by adapting to emerging threats and new regulatory requirements.

The certification also complements Canonical’s certifications for IEC 62443-4-1, which governs  cybersecurity in Industrial Automation and Control Systems (IACS), and ISO/SAE 21434 for automotive cybersecurity standards. Enterprises relying on Canonical’s open source solutions can deploy them with confidence knowing they are backed by robust and long-term-supported, open source security processes.

For more information, consult the ISO certificate available in our Trust Center.