ISO 27001:2022 Aligned

cloak.business is hosted on ISO 27001:2022-certified infrastructure (Hetzner), and our ISMS is aligned to ISO 27001 controls, demonstrating our commitment to information security management best practices.

What ISO 27001 Means for You

Systematic Security

A comprehensive Information Security Management System (ISMS) covering all aspects of our operations — from data classification and access control to incident response and business continuity. Every risk is identified, assessed, and treated according to the ISO 27001:2022 standard.

Documented Policies

Clear, documented policies and procedures for handling information securely. Policy documents are version-controlled, reviewed annually, and made available to enterprise customers on request.

Regular Audits

Our hosting provider's annual third-party surveillance audits and three-year recertification cycle keep the infrastructure compliant. Our own internal audits run quarterly, with findings feeding directly into our continuous improvement cycle.

Key Controls

  • Access control: role-based permissions following the principle of least privilege
  • Encryption in transit: TLS 1.3 for all connections, HSTS enforced
  • Encryption at rest: AES-256-GCM for all stored data and backups
  • Incident response: documented 4-phase plan (identify, contain, eradicate, recover)
  • Business continuity: regular DR drills, 99.9% uptime SLA
  • Vendor management: all sub-processors assessed and contractually bound
  • Physical security: ISO 27001-certified data center with 24/7 monitoring
  • Employee awareness: annual security training for all staff
  • Change management: peer review and testing required before production deploys
  • Vulnerability management: automated scanning and monthly manual reviews

View Our Complete Policies

Access our full ISO 27001 policy documentation.