Big news from the Shelvz team: our Information Security Management System (ISMS) has officially received ISO/IEC 27001:2022 certification. For our clients, partners, and everyone whose data flows through our platform, this certification is more than a badge. It’s a commitment we back with our actions, our know-how and our way of operating.
Here’s what it means, why it matters, and what it changes for our partners and clients.
What is ISO/IEC 27001:2022?
ISO/IEC 27001 is the internationally recognized standard for Information Security Management Systems, published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).
To earn this certification, an organization doesn’t simply fill out a questionnaire. It submits its entire information security framework — its policies, processes, risk assessments, and controls — to a rigorous audit by an independent third party. That auditor verifies that the organization’s approach to protecting information is systematic, effective, and continuously improving.
The “:2022” at the end of the standard name matters too. It refers to the most recent version of the standard, updated in 2022 to address today’s security landscape — including cloud environments, supply chain risks, and modern threat vectors. Achieving this version, rather than the older 2013 edition, means Shelvz’s security posture is built for the world as it is today, not as it was a decade ago.
Why does ISO/IEC 27001:2022 matter for Shelvz clients?
Shelvz is a cloud-based SaaS platform handling real-time field data for CPG and FMCG companies across the MEA region. Every day, merchandisers, sales reps, and field teams use our platform to capture store visits, pricing data, shelf audits, images, and competitive intelligence. That data is sensitive — it informs business decisions, reflects your market position, and ultimately drives revenue.
When you use Shelvz, you’re trusting us with information that matters. This certification means you no longer have to take our word for it that we’re taking that trust seriously. An independent auditor has verified it.
Concretely, ISO/IEC 27001:2022 certification means that Shelvz:
- Has identified the risks associated with the data it handles and put controls in place to address them
- Maintains documented security policies covering access control, incident response, business continuity, and more
- Operates a continuous improvement cycle — security is treated as an ongoing discipline, not a one-time project
- Will submit to regular re-audits to maintain certified status
If security matters to you, book your demo with us.
What does "certified" actually involve?
It’s worth being specific here, because the word “certified” gets used loosely.
ISO does not certify companies itself. Certification is granted by an accredited third-party certification body, which conducts a formal audit of the organization’s ISMS against the requirements set out in the standard. The auditor examines documentation, interviews staff, reviews processes, and tests controls — then issues a certificate only if the organization fully conforms.
For Shelvz, this meant a comprehensive review of how we collect, store, process, and protect data across our platform — from the field mobile app to the web portal, from our AWS infrastructure to how we manage access rights internally.
Maintaining certification requires surveillance audits every year and a full recertification audit every three years. The process never really ends, and that’s the point.
Security has always been part of how we build
This certification formalizes something that has been part of Shelvz’s foundation since day one. Our platform is built on AWS with secure multi-tenant architecture, encrypted data transfers via SSL, and dedicated instance options for clients with stricter isolation requirements. We offer 99.9% uptime SLAs and role-based access controls so that the right people see the right data — and nothing more.
ISO/IEC 27001:2022 certification gives our clients a recognized, audited framework to point to when their own compliance, procurement, or security teams ask how their data is being protected. For companies operating in regulated industries or scaling across international markets, this is increasingly a prerequisite rather than a nice-to-have.
What does ISO/IEC 27001:2022 mean going forward?
Getting certified is a milestone. Staying certified is the work.
We will continue to invest in our security posture, submit to regular audits, and hold ourselves to the standards that this certification requires. As Shelvz grows — adding new clients, entering new markets, expanding our platform — our commitment to information security grows with it.
If you have questions about our security practices, our certification scope, or how we handle your organization’s data, we’re happy to talk. Reach out to us at shelvz.com or contact your customer success manager directly.



