ServiceTitan has been recognized for its outstanding commitment to protecting information. It has received the ISO 27001 Certification, a highly respected global standard that shows a company has strong systems to protect the information it uses and keeps. This confirmed that ServiceTitan has a system to manage risks related to the security of data it owns or handles, and that this system respects all the best practices and principles enshrined in this International Standard. This promotes a holistic approach to information security: people, policies, processes and technology.
To earn this certification, ServiceTitan met or exceeded the international standard on more than 80 different procedures and protections covering their staff, operations, technology, and even the physical security of their buildings, as audited by an independent firm.
The certification is a seal of approval from the International Organization for Standardization (ISO), a nongovernmental and independent group that carries out assessments of companies to ensure the business meets established and recognized standards of safety and security.
In conjunction with ISO 27001, ServiceTitan also achieved ISO 27018, a privacy-focused standard for cloud computing services that centers on protecting personally identifiable information (PII). This certification helps cloud service providers who process PII to address regulations such as the General Data Protection Regulation (GDPR) in Europe, covering areas such as:
Ensuring that companies that process data only process personally identifiable information (PII) according to the instructions provided by the people who contracted the service.
Giving customers the ability to access, correct, and erase their PII.
Providing clear information about how PII is processed.
Promptly notifying companies that contracted the service in the event of a data breach.
Achieving certification against ISO 27018 helps ServiceTitan demonstrate to customers and stakeholders that we take the protection of personal data seriously and manage it in line with international best practices. This can be especially important given the increasing concerns and regulatory demands regarding data privacy and security.
“These certifications really demonstrate ServiceTitan’s commitment to security and continuous improvement, because security is always moving,” said Cassio Goldschmidt, ServiceTitan’s Chief Information Security Officer. “It's just a reinforcement of a longtime commitment we have.”
As a result, customers and partners can deal with ServiceTitan knowing the commitment to safety is real; the certification reaffirms the credibility ServiceTitan has built.
“ISO certification shows your key stakeholders that you have a well-run business that has structure, is stable, and ready for growth,” the ISO website states. “By maintaining an ISO certification, we are proving your organization’s commitment to achieving your objectives and increasing the credibility and customer confidence in your product or service.”
‘Positioning our brand to instill trust’
ISO 27001 certifications come through evaluations from business management and security experts. Meeting ISO standards leads to increased efficiency, reduced cost, improved customer satisfaction and reduced risk for businesses such as ServiceTitan.
“What we’re really doing here is assessing the security controls we have in place against a widely accepted international standard audited by an independent auditing company,” Goldschmidt said.
ServiceTitan has achieved the certification for the first time. Preparation took several months, and the process was complex because of the updates to the standards in 2022.
Maddalena Scampuddu, ServiceTitan’s Director of Security and Compliance, worked on the certification with her team.
“It was a long process that involved multiple people and multiple changes, especially on policies and procedures,” Scampuddu said.
Cybersecurity, but more than that
The certification goes beyond cybersecurity, which ServiceTitan makes a priority. Because it also involves physical security, the team conducted a test where it assigned people to come to the headquarters and try to gain access or prop doors open.
“They start from the ground level, where they try to get into the building, they look at all the doors, go up the stairs, test the badges, test the emergency doors, and things like that,” she said.
A challenge was also conducted to ensure the security of ServiceTitan’s computer servers, both domestically and abroad.
ServiceTitan sees the ISO certification as an ongoing journey, not an end. Multilevel security will always be important to the company.
“It’s just the start of continuous improvement,” Scampuddu said. “We can say that we have good processes, people and technology in place, but the reality is that risks are changing day after day and we keep addressing it.
“It's our responsibility to be ready with open eyes, understand what additional risks we have, and make sure that we have a process in place to address them.
“It’s really a journey, a continuous study to make sure we are always ahead of the potential risks. Cybersecurity and physical security are always evolving, so we always need to be up to speed.”