By Mikkel Hald, 15/10/21
WAYF has now been certified according to the information security standard, ISO 27001. This is a result of the audit conducted by DNV at WAYF on September 23rd, 2021.
With this certification, federation members now have yet another basis for assuming WAYF has its information security under control, and can be safely trusted with mediating digital identities from user organisations to service providers.
For some years, complying with ISO 27001, without certification, has been a baseline within the Danish public sector. But with information security outspokenly important for a WAYF core delivery, i.e. the secure mediation of digital identities, an actual certifcation according to the standard has made good sense in this case.
WAYF is merely the most recent addition to the parts of DeiC operations certified according to ISO 27001. The Danish NREN's hosting services and network operations have upheld the certification since 2019.
The ISO certificate is inspectable here.