In the software industry, trust is a prerequisite.
Two years after achieving SOC 2 compliance, Elements has reached a new milestone: ISO/IEC 27001:2022 certification.
As an Atlassian Marketplace app vendor supporting critical business workflows, we understand the responsibility that comes with handling sensitive data.
Achieving ISO/IEC 27001:2022 certification is the natural next step in our commitment to continuously improving how we manage risk and protect our customers.
What ISO/IEC 27001:2022 means
ISO/IEC 27001:2022 is an internationally recognized standard that structures how an organization manages information security. It requires a clear understanding of risks, defined processes to address them, and documented controls to protect sensitive information.
The standard also emphasizes accountability and continuous improvement. Security practices are regularly reviewed and tested over time.
Our journey to certification
In 2024, we conducted a gap analysis to assess alignment between our SOC 2 framework and ISO/IEC 27001:2022 requirements. While SOC 2 provided strong foundations, ISO demanded additional rigor in documentation, risk management, and internal audit processes.
After validating our roadmap with the executive committee, we partnered with Ouwba for the internal audit, later operationally supported by Cyberduy. Their external perspective helped us challenge our framework and strengthen key areas before entering the certification phase.
For the certification audit, we once again collaborated with Prescient, our long-term audit partner, ensuring an independent and rigorous evaluation process. Throughout the project, Drata supported us in structuring, centralizing, and monitoring the required evidence and controls.
In February 2026, Elements officially achieved ISO/IEC 27001:2022 certification, the result of months of cross-team collaboration and a shared commitment to raising our security standards.
When we received the official certificate, the auditor wrote:
“It is with great pleasure that we present you with the official certificate for ISO/IEC 27001:2022. We extend our heartfelt congratulations to your team for this remarkable achievement, and we appreciate the hard work and dedication your team has demonstrated.”
A proud moment for the team and the beginning of a new phase in our security journey.
What this means for our customers
ISO/IEC 27001:2022 confirms that security at Elements is continuously reviewed and independently validated.
Combined with our SOC 2 compliance, it provides additional assurance that customer data is protected and that our security practices mature as we grow.
Combined with our SOC 2 compliance, ISO/IEC 27001:2022 gives our customers additional confidence that their data is protected, our processes are mature, and security is continuously improving as we grow.
Learn more about our security commitment
ISO/IEC 27001:2022 certification is an important milestone, but security is an ongoing commitment.
We continue to strengthen our processes and monitor emerging risks. We invest in protecting the data entrusted to us. Transparency is part of our commitment.
To learn more about our security practices, certifications, policies, and compliance framework, access ourTrust Center page.
