GoHealth Prioritizes Information Security to Retain ISO 27001 Certification
For the third year in a row, GoHealth is excited to announce that it has obtained ISO 27001 certification for its superior information security management system. ISO 27001 is a globally recognized certification that verifies an organization’s commitment to the protection of assets and information governance. The certification was performed by Schellman, an Accredited Certification Body based in the United States.
This externally audited certification analyzes the business and demonstrates how the implementation of data security management processes helps keep information secure. As part of the recertification, GoHealth has recommitted to a continual program of review, validation, and improvement.
“GoHealth is committed to keeping our customers’ data and information safe and secure,” said Shane Cruz, Chief Technology Officer of GoHealth. “We’re proud to have achieved ISO 27001 for the third year in a row, and we will continue to prioritize information security for years to come.”
Since GoHealth was founded in 2001, the company has prioritized information security and data protection within the architecture and governance of its platform, as well as throughout its business and support methodologies. Achieving ISO 27001 certification helps demonstrate the rigorous security measures taken to protect the information assets of all GoHealth customers.
ISO is an independent, non-governmental international organization with a membership of 163 national standards bodies. Through its members, it brings together experts to share knowledge and develop voluntary, consensus-based, market-relevant International Standards that support innovation and provide solutions to global challenges.
The ISO/IEC 27000 family of standards helps organizations keep information assets secure. Using this family of standards helps organizations manage the security of financial information, intellectual property, employee details and information entrusted to them by third parties. ISO/IEC 27001:2013 provides requirements for an information security management system, which is a systematic approach to managing sensitive information so that it remains secure, and covers people and processes as well as IT systems and applications.