Cyber Security Statement - Article
Summary
This Cyber Security Statement outlines how Eurekos protects customer data and cloud services through structured governance, recognized security frameworks, and continuous operational controls. It demonstrates the organization’s commitment to maintaining confidentiality, integrity, and availability across its SaaS learning platform.
In this article you will learn:
- How Eurekos applies internationally recognized security standards in its cloud services
- How ISO/IEC 27001, 27017, and 27701 frameworks guide security and privacy practices
- How operational security activities such as monitoring, vulnerability scanning, and penetration testing protect the platform
- How employees, suppliers, and partners contribute to maintaining security and compliance
Policy Statement
As a cloud service provider, information is one of Eurekos’ most critical assets. Protecting the trust placed in us by our customers requires maintaining the confidentiality, integrity, and availability of all information entrusted to our care. This commitment underpins our reputation as a trusted and responsible provider of IT services.
Eurekos delivers its cloud-based Learning Management System (LMS) as a Software-as-a-Service (SaaS) solution. Accordingly, robust cloud security controls and governance are fundamental to our operations.
Code of practice for cloud services
Eurekos implements internationally recognized best practices in accordance with ISO/IEC 27017, which extends the controls defined in ISO/IEC 27001 and ISO/IEC 27002 to address cloud-specific risks for both service providers and customers.
Adopting these globally recognized frameworks reduces the likelihood of data breaches and demonstrates Eurekos’ ongoing commitment to protecting information and information systems against unauthorized access and emerging cloud-related threats.
Alignment with International Standards
This policy aligns with and integrates the following standards:
- ISO/IEC 27001 & ISO/IEC 27002 – International standards defining requirements and controls for Information Security Management Systems (ISMS).
- ISO/IEC 27017 – Guidance for cloud-specific security controls.
- ISO/IEC 27701 – Extension to ISO/IEC 27001 incorporating a Privacy Information Management System (PIMS) for protecting Personally Identifiable Information (PII), supporting GDPR and other privacy regulations.
Compliance with these frameworks applies to all employees, contractors, suppliers, and partners, who are required to adhere to equivalent security standards.
Operational Security Practices
To support continuous protection and resilience, Eurekos performs:
- Weekly vulnerability scanning and structured review
- Peer code reviews
- Continuous system monitoring
- Regular independent third-party penetration testing
Penetration testing is often conducted in collaboration with customers to validate controls against current threat landscapes and industry best practices.
This policy is aligned with the overarching Information Security Policy and the Supplier Relationship Policy, forming an integrated extension of the ISMS framework.
The latest public certification and compliance information is available at www.eurekos.com/iso.