Skip to main content

Phase Two Achieves ISO/IEC 27001 Certification

· 3 min read
Phase Two
Phase Two
Hosted Keycloak and Keycloak Support

Phase Two is excited to announce that we are now ISO/IEC 27001 certified.

This milestone reflects how seriously we take security and compliance across our platform, operations, and internal processes. We completed this as a fast follow to our September 17, 2025 SOC 2 Type II compliance milestone, reaching full ISO/IEC 27001 certification just over six months later as part of our commitment to building a mature, enterprise-ready security program.

Learn more at our Trust Center: trust.phasetwo.io.

What is ISO/IEC 27001 certification?

ISO/IEC 27001 is an internationally recognized standard for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS).

In practical terms, it provides a structured framework for identifying risk, applying appropriate controls, documenting security processes, and continuously improving how an organization protects systems and data. Full certification means this program has been evaluated against the standard rather than being described only as an internal compliance effort.

Why this matters

  • Structured security management: ISO/IEC 27001 formalizes how security risks are identified, assessed, treated, and reviewed over time.
  • Independent confidence: Certification against a globally recognized standard gives customers and prospects greater confidence in our security posture.
  • Faster vendor reviews: A stronger compliance foundation helps reduce friction during procurement, security questionnaires, and customer audits.
  • Continuous improvement: ISO/IEC 27001 is designed around ongoing review and maturation, not a one-time checkpoint.

A Fast Follow After SOC 2 Type II

We take security and compliance very seriously at Phase Two. Achieving full ISO/IEC 27001 certification just over six months after our September 17, 2025 SOC 2 Type II compliance milestone was an intentional investment in operational maturity, not a box-checking exercise.

This fast follow reflects the pace at which we have continued to strengthen our internal security program, including risk management, policy development, operational controls, documented procedures, and accountability across the organization.

What this means for customers

  • Higher confidence in our processes: Our security program is built around a clear, repeatable framework for managing information security.
  • Better support for enterprise requirements: Customers with formal security review processes benefit from a stronger compliance posture and clearer documentation.
  • Ongoing resilience: A mature ISMS helps support secure delivery, reliable operations, and a disciplined response to evolving risks.

What’s next

Security and compliance are continuous commitments. We will keep investing in the controls, processes, and operational rigor required to support customers with demanding security and compliance expectations.

Phase Two’s hosting product continues to support organizations across healthcare, security, retail, public sector, and more. Milestones like ISO/IEC 27001 certification help us meet the expectations of customers who need strong identity infrastructure backed by strong operational discipline.

Thank you for trusting Phase Two with your business. If you would like to learn more, please visit trust.phasetwo.io or email sales@phasetwo.io.