Snaile is Canada’s First & Only ISO-27001 Certified Parcel Locker Company


Just what is ISO-27001?

ISO is an independent, non-governmental international organization with a membership of 165 national standards bodies. ISO/IEC 27001 provides requirements for an information security management system. Standards are set out for establishing, implementing, maintaining, and continually improving an information security management system, as well as how to assess and treat information security risks.

Snaile Keeps Information Assets Secure with ISO/IEC 27001 Information Security Management Standard

To certify to ISO-27001 for Snaile’s information security management systems, Snaile engaged ControlCase, global leaders in helping companies achieve compliance with international security standards and regulations. ControlCase has years of audit, compliance, and risk management experience and has worked with large national and international organizations.

Snaile is the first Canadian smart parcel locker company to receive this accreditation. In doing so, we are demonstrating our commitment to two areas that are largely overlooked, despite being major aspects of any parcel locker network: user data privacy and software security, and the physical security of deliveries and customer orders.

The Problem with Smart Lockers: Personal Identifiable Information

In real terms, a smart locker is only a receptacle, no matter how robustly it is made. This receptacle is entirely controlled by software, both within the locker and in the Cloud (in Canada, data must also be hosted in the Cloud in-country to comply with Canadian data privacy law, PIPEDA, which US and other foreign parcel locker companies do not do), which means there is always a risk from hackers who can gain access to Personally Identifiable Information (PII). If the software is breached, hackers can dump PII on the internet, hold it in exchange for a ransom, or use it for other nefarious activities. With smart lockers, PII typically includes names, addresses, emails, and, in some instances, payment methods.

It’s crucial that parcels or orders left in lockers are kept secure until the intended recipient collects them. When a parcel is taken by a thief who has breached the system and accessed PII, it’s not only bad news for the intended recipient. It also reflects poorly on the company that decided on its smart locker provider. Questions are raised over liability, and reputations suffer.


Snaile’s Approach to Data Security

With this in mind, Snaile has a four-pronged approach to data security and privacy:

  1. ISO-27001 information technology and security certification to ensure we comply with industry-leading standards set by subject matter experts.
  2. Ongoing third-party penetration testing, in which an ethical hacking company attempts to break into our company’s software and then issues remediation reports according to what they find.
  3. Cyber Insurance to protect you and us if something does go wrong. In Canada, Cyber Insurance can only pay out if the data was compliant to begin with, i.e. secured to commercial standards (ISO 27001) and hosted in Canada.
  4. SOC 2. Snaile will complete its SOC 2 compliance in Q2 2022.

1. How ISO-27001 Helps Protect You

Organizations installing smart lockers for parcel collection should choose an ISO-27001 audited and certified company like Snaile, Canada’s Parcel Locker Company. In doing so, end users, such as building residents, students, or retail customers, are protected by industry-leading and commercially sound information technology and security practices. You are, in turn, provided with internationally recognized assurance that you are partnering with a company that does information technology right.

2. Expert-Level Penetration Testing

In the interest of real-world testing, Snaile contracts Canadian-based PacketLabs to conduct ongoing penetration testing using the latest tools and technologies.

Penetration testing, also known as ethical hacking, uses a methodology aligned with industry standards and compliant with various regulatory requirements, including PCI DSS 11.3. The primary objective is to uncover hard-to-find vulnerabilities and weaknesses residing in IT systems, applications, or network components, and to try to exploit them to obtain access to sensitive information. The consultants at PacketLabs think outside the box, attempting to bypass the security of our corporate networks.

3. Cyber Insurance for Peace of Mind

As a final measure and for incident mitigation, our Cyber Insurance policy provides Snaile customers with further protection. Insurance companies will only pay out coverage if the data was compliant in the first place: in our case, data must be hosted in the Cloud in Canada and on a commercially acceptable data infrastructure (ISO 27001). This Cyber Insurance covers network security, privacy liability, regulatory actions, cyber extortion threats, incident management, and data restoration costs.

4. SOC 2

SOC 2 is a voluntary compliance standard for service organizations, developed by the American Institute of CPAs (AICPA), which specifies how organizations should manage customer data. The standard is based on the following five Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy.

SOC 2 certification is issued by outside auditors. They assess the extent to which Snaile complies with one or more of the five trust principles based on the systems and processes in place.

Want to know more? Get in touch and we’ll arrange for you to speak to our Chief Information Security Officer (CISO). We’d be happy to provide you with a security whitepaper and answer any specific questions you may have.
