By Olivia Ramirez

April 18, 2023

Using a partner ecosystem platform (PEP) like Crossbeam enables you to move faster. Companies like Intercom, Census, and LeanData have sped up their sales cycles, increased deal sizes, and boosted overall annual recurring revenue (ARR) by embracing Ecosystem-Led Growth (ELG). 

Before Crossbeam, mapping accounts meant swapping insecure spreadsheets over unencrypted email and ultimately putting your company’s data at risk. Now, businesses map accounts in real time with the ability to choose exactly which data to reveal and when.

But with any relatively new tool in SaaS, there’s bound to be skepticism. Despite five years of Crossbeam’s SOC 2 Type II compliance, partner managers face challenges in getting their legal teams and their partners on board.

Since the beginning, trust has always been a core value at Crossbeam. And after years of investing in our information and data security, we are proud to share this: We’ve officially completed the internationally-recognized ISO/IEC 27001 and 27701 information security and data privacy certifications.

Crossbeam is the only company in the PEP category to hold the ISO/IEC 27001 and 27701 certifications. Additionally, we are continuing our SOC 2 Type II track record and renewing for the fifth consecutive year.

Perhaps you’re having a bit of a “Kermit with arms flailing” kind of moment and want to pass the information to your legal team and your partners right away. If that’s the case, you can find our complete certification reports in the Crossbeam Security Portal. 

If you’re wondering what each certification means and want to nerd out about cybersecurity like we do, read on. 

A Quick Primer on Security Standards in SaaS 

Below, we’ll share the differences between the SOC 2 Type II audit report, the ISO/IEC 27001 certification, and the ISO/IEC 27701 certification. Grab some tea, and let’s talk cybersecurity.

SOC 2 Type II: SOC 2 Type II is an audit report established by the American Institute of Certified Public Accountants (AICPA) that is widely recognized in the US. Compared to the ISO/IEC 27001 and ISO 27701, the SOC 2 Type II audit report is a subjective audit report conducted by a licensed certified public accountant (CPA).

Our SOC 2 Type II compliance demonstrates Crossbeam’s strong technical cybersecurity controls to prevent a data breach.

ISO/IEC 27001: The ISO/IEC 27001 certification is the internationally-recognized certification for information security standards. In order to complete this certification, a company must adhere to hundreds of information security controls via its information security management system (ISMS) and internal processes.

To complete the ISO/IEC 27001 certification, the entire Crossbeam organization needed to establish and practice continuous security controls, including implementing strict procurement processes, controls around data retention in team collaboration tools like Slack, and limitations around information knowledge among Crossbeam employees.

A joint committee consisting of the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) have established the standards for the ISO/IEC 27001 and 27701 certifications.

ISO/IEC 27701: The ISO/IEC 27701 privacy certification is awarded to companies that meet a precise set of data privacy standards. It is required that any company applying for the ISO/IEC 27701 certification must have already received the ISO/IEC 27001 certification.

At Crossbeam, ISO/IEC 27701 provides customers with the assurance around the privacy of their data in the Crossbeam platform. While there is no such thing as a GDPR certification, ISO/IEC 27701’s strict controls and close alignment with GDPR shows Crossbeam’s commitment to data privacy. Crossbeam offers a comprehensive data processing addendum (DPA), and the ISO/IEC 27701 certification guarantees that we are strictly following that DPA. 

For example: When a Crossbeam customer enables the Crossbeam Salesforce app, they do not need to sync any personal identifiable information (PII). The only data required to begin mapping accounts is the account name. However, many customers choose to sync PII.

What the ISO/IEC 27001 and 27701 Certifications Mean For You 

Our new certifications will help to remove friction in a number of scenarios where internal stakeholders or potential partners have expressed concern around PEP adoption and second-party data. Below are a few examples.

Avoid missed opportunities with global partners hesitant to share second-party data. Security teams globally recognize the ISO 27001 and 27701 certifications. Whether you’re partnering with a company in the Netherlands or in Japan, these certifications serve as a common language and seal of approval for security teams everywhere. 

Partner with companies who require ISO/IEC 27001 certification, rather than SOC 2 audit reports. Some US companies will only enable second-party data sharing with partners who have ISO/IEC 27001 certification. Through Crossbeam, your data will always meet the standards of ISO/IEC 27001 and 27701. Companies like Microsoft have the ISO/IEC 27001 certification and will only do business with companies that have the same.

Speed up your PEP procurement process, and start account mapping right away. If you were ever hesitant about pitching the adoption of Crossbeam to your procurement and security team, rest assured that our ISO/IEC 27001 and 27701 certifications are internationally recognized and guarantee that Crossbeam practices standard information and data security controls.

Get complete visibility into our ISO 27001 and 27701 certification reports on the Crossbeam Security Portal, and share the reports with your security team.

Want to read more about second-party data, information security, and data privacy? Check out these articles on the Crossbeam blog: 

• Sharing Partner Data Used to Be Scary. These New Best Practices Can Help

• The Era of Second-Party Data is Here. Are You Ready?

• Don’t Fall Behind: Get Your Partner Data in Your Data Warehouse

—