ISO/IEC 27001:2022
iPodnik cloud
Scope of certification
Provision of sovereign cloud hosting and managed services for POHODA accounting software, including supporting infrastructure in Prague.
Security & compliance
Information security is the ground floor of everything Cloud Holding delivers. Every company in the group is independently certified to ISO/IEC 27001:2022 by DNV - so the security controls behind our platforms are audited, documented, and continuously maintained.
What the certification means
ISO/IEC 27001 is the international standard for information security management systems. For customers, the practical meaning comes down to three things:
01
Every brand in the group holds its own certificate - not just the parent. Whichever company serves you, the same standard applies.
02
DNV is an accredited third-party certification body. The audits are evidence-based - sampling real controls, real records, and real people doing the work.
03
The ISMS defines how we handle incidents, access, change, suppliers, backups and recovery - reviewed and improved every year.
Certificates per company
Each company holds its own ISO/IEC 27001:2022 certificate issued by DNV. The scope below reflects what's certified for each entity. Certificates are available on request.
Scope of certification
Provision of sovereign cloud hosting and managed services for POHODA accounting software, including supporting infrastructure in Prague.
Scope of certification
Design, integration and operation of hyperscale cloud environments (Azure, AWS, Microsoft 365) and associated security and backup services.
Scope of certification
Delivery of data platform and business intelligence services on Microsoft Fabric and Power BI, including source integration and customer enablement.
Scope of certification
Provision of cybersecurity services - endpoint protection, identity hardening, monitoring and response - for business, IT-team and individual customers.
Scope of certification
Development, delivery and support of POHODA-native software - FameDash, FameBee, Storage Monkey - and associated e-commerce and automation services.
How we keep it valid
ISO 27001 certification runs on a three-year cycle of independent audits. A lapse in any year means loss of the certificate - so the discipline is continuous, not ceremonial.
DNV reviews the full ISMS - policies, risk assessment, controls, evidence - before issuing the certificate for the first time.
Year 0Each year, DNV returns to sample controls in action - how incidents were handled, how access was changed, how backups were tested.
Every yearEvery three years the entire ISMS is reassessed end to end. A successful recertification renews the certificate for another cycle.
Every 3 yearsBeyond the certificate
ISO 27001 defines what must be in place. We layer operational practices on top that are specific to running cloud and managed services at scale:
Request the details
Customers and partners can request copies of the current certificates and the statements of applicability. We'll send them the same day, straight from the compliance team.