Railway•11mo ago
Patrick

ISO 27001

Hi, this might be a dumb question, but does Railway have the ISO 27001 certification, or is that irrelevant because Railway uses AWS? Thanks 🙂
11 Replies
Percy•11mo ago
Project ID: 071f7771-ab05-488c-b53b-47a7ec81aac1
Patrick•11mo ago
071f7771-ab05-488c-b53b-47a7ec81aac1
Brody•11mo ago
i mean railway uses gcp
Patrick•11mo ago
Oh my bad 😂
Brody•11mo ago
as for the question about the certification, i will have to tag in @Angelo to answer that one for you
Patrick•11mo ago
Thank you Brody 🤗
angelo•11mo ago
What's the compliance need for? We are on GCP so we can determine how we can make sure we can meet that disclosure
Patrick•11mo ago
A customer of ours asked this:
Usually, we require our suppliers to be ISO 27001 certified, or use an ISO 27001 hosting provider. If I understand your architecture correctly, your app is built on railway.app, so I've tried to find information on their website about their security posture, but they have no specific page with that information. If my presumptions are correct, could you please confirm if they are using an ISO 27001 certified hosting provider?
I also didn't find anything on the website/discord/knowledge base so I just wanted to ask
angelo•11mo ago
Gotcha - we use GCP, which is ISO 27001 certified.
Going to tag in @x11d who can provide some insight, but it seems that we are down the rabbit hole a bit in terms of vendor relationship:
Customer -> Agency -> Vendor -> Cloud Provider
For enterprise customers we can provide an NDA and let you audit, but I presume that is outside the scope of your customer relationship.
christian•11mo ago
While Railway follows and meets many of the requirements, Railway is not ISO 27001 certified. We generally rely upon certified vendors, including GCP, to run the platform. ISO 27001 certification is something we are considering for the future, but we do not have a timeline at this point.
Patrick•11mo ago
Thanks for getting back to me. Cool, so I'll tell them that Railway itself isn't certified but that you use GCP which is certified. Thanks 👍