R
Railwayβ€’10mo ago
Patrick

ISO 27001

Hi this might be a dumb question but does Railway have the ISO 27001 certification or is that irrelevant because Railway uses AWS? Thanks πŸ™‚
11 Replies
Percy
Percyβ€’10mo ago
Project ID: 071f7771-ab05-488c-b53b-47a7ec81aac1
Patrick
Patrickβ€’10mo ago
071f7771-ab05-488c-b53b-47a7ec81aac1
Brody
Brodyβ€’10mo ago
i mean railway uses gcp
Patrick
Patrickβ€’10mo ago
Oh my bad πŸ˜‚
Brody
Brodyβ€’10mo ago
as for the question about the certification, i will have to tag in @Angelo to answer that one for you
Patrick
Patrickβ€’10mo ago
Thank you Brody πŸ€—
angelo
angeloβ€’10mo ago
Whats the compliance need for? We are on GCP so we can determine how we can make sure we can meet that disclosure
Patrick
Patrickβ€’10mo ago
A customers of ours asked this
Usually, we require our suppliers to be ISO 27001 certified, or use an ISO 27001 hosting provider. If I understand your architecture correctly, your app is built on railway.app, so I've tried to find information on their website about their security posture, but they have no specific page with that information. If my presumptions are correct, could you please confirm if they are using an ISO 27001 certified hosting provider?
I also didn't find anything on the website/discord/knowledge base so I just wanted to ask
angelo
angeloβ€’10mo ago
Gotcha- we use GCP witch is ISO 27001 certified Going to tag in @x11d who can provide some insight but it seems that we are down the rabbit hole a bit in terms of vendor relationship Customer -> Agency -> Vendor -> Cloud Provider For enterprise customers we can provide an NDA and let you audit but I presume that is outside the scope of your customer relationship.
christian
christianβ€’10mo ago
While Railway follows and meets many of the requirements, Railway is not ISO 27001 certified. We generally rely upon certified vendors, including GCP, to run the platform. ISO 27001 certification is something we are considering for the future, but we do not have a timeline at this point.
Patrick
Patrickβ€’10mo ago
Thanks for getting back to me. Cool, so I'll tell them that Railway itself isn't certified but that you use GCP which is certified. Thanks πŸ‘