Skip navigation
Industry Events

In Search of… ISO 27001:2013, 27017:2015 & 27018:2019 Certification

We are proud to announce the Duo has achieved ISO 27001:2013, 27017:2015, and 27018:2019 certification!

Ever wondered how a screw manufactured in the United States has the same screw threads as a screw manufactured in Lithuania? You can thank ISO for that! 

ISO is responsible for issuing internationally-accepted standards for (seemingly) everything, from a standard for brewing tea (3103:2019) to ski boots (5355:2005) to the two-letter country code that can form a country’s domain address (3166) to standards for information security.


What is ISO 27001:2013, 27017:2015 and 27018:2019?

ISO 27001, 27017 and 27018 (colloquially referred to as the 27000 series) are a set of security standards that were developed to help organizations improve their maturity and protect their intellectual property and data in a scalable and verifiable way. 

To achieve certification, Duo was audited by an accredited external auditor, Coalfire, who verified Duo’s control environment and assessed the implementation of our controls. Our external auditors used the information collected via meetings and evidence to make the determination Duo meets the requirements for certification.

An ISO 27000 series certification is valid for three years and requires an annual surveillance audit to ensure continued compliance for the lifespan of the certification. 

What’s the benefit of ISO 27001:2013, 27017:2015 and 27018:2019 certification to our customers?

The ISO standards for information security are viewed as the global standard for information security. While other certifications may take center stage in the US and North America, the ISO 27000 series is the most accepted standard internationally and provides our customers and partners with valuable information about the internal processes and procedures that help keep Duo secure. 

"As a provider of security controls that are critical to our customers, Duo strives to provide a trustworthy and transparent vendor security experience that provides our customers with the utmost confidence. Duo’s achievement of certification for ISO 27001, 27017, and 27018 represent a significant milestone in this effort and the latest example of third-party validated evidence of effective and trustworthy management of our security responsibilities to our customers." —Josh Yavor, CISO, Duo Security, now part of Cisco.

Beyond the utility of the certification itself, the ISO 27000 series of standards forms the bedrock for many regional and industry-specific certifications which provides Duo the opportunity to pursue more targeted compliance opportunities in the future.

View Duo's ISO 2700 certificates:

Links to ISO standards:


Try Duo For Free

With our free 30-day trial and see how easy it is to get started with Duo and secure your workforce, from anywhere and on any device.