In May 2026, OMNYS achieved ISO/IEC 27017 and ISO/IEC 27018 certifications, expanding its compliance scope beyond the ISO/IEC 27001 certification it already held. This is a consistent and progressive journey that further strengthens the company's commitment to data protection and cloud infrastructure security.
ISO 27001 is the international benchmark for Information Security Management Systems (ISMS). Achieving it means having structured processes, controls, and responsibilities according to rigorous standards verified by an independent certification body.
The two new extensions take this commitment to an even more specific level, addressing the needs of organisations like Omnys that operate in cloud environments and process personal data on behalf of their clients.
ISO/IEC 27017 extends the controls of ISO 27001 to the cloud services context, introducing guidelines designed for both cloud service providers and their customers. It defines clear responsibilities for how data is protected in the cloud environment, how access is managed, how data is segregated between different customers, and how operational continuity is ensured.
For Omnys clients, this translates into a concrete guarantee: the services delivered comply with an internationally recognised cloud security framework, reducing the risks associated with outsourcing critical processes.
ISO/IEC 27018 focuses on the protection of personally identifiable information (PII) processed within public cloud services. It is the reference standard for organisations acting as data processors on behalf of third parties.
The certification attests that Omnys adopts specific controls to ensure transparency in processing, limit data use to agreed purposes, properly handle access and deletion requests, and promptly notify any incidents. These practices fully align with GDPR requirements and the growing expectations of clients and partners regarding data privacy.
In today's market, information security is no longer an implicit requirement: it is an explicit selection criterion. Organisations that entrust external partners with the management of sensitive data — whether IT infrastructure, SaaS applications, or managed services — need verifiable evidence, not just statements of intent.
ISO certifications speak exactly this language: they are verified by accredited bodies, updated over time, and recognised across every sector and country. For the IT managers, DPOs, CISOs, and legal teams of our clients, having an ISO 27001 + 27017 + 27018 certified supplier simplifies risk assessments, reduces the documentation burden in due diligence processes, and strengthens the compliance chain across the entire supply chain.
A supplier holding these three certifications reduces the assessment burden for the client and strengthens the compliance chain across the entire supply chain.
Achieving these certifications is the result of methodical work on processes, technologies, and company culture. But above all, it is the confirmation of a direction Omnys has consciously chosen: investing in trust as a lasting competitive value.