ISO 27001 certified CMS

As an ISO 27001 certified CMS, Storyblok is one of the most secure, enterprise-grade CMSes available on the market. Storyblok is meticulously tested and monitored through best-of-breed security protocols. These protocols include regular code reviews, strict access control, anomaly detection and rigorous security testing.

Product Operations

All data stored on Storyblok is hosted on Amazon AWS in Frankfurt, Germany, with regular backups, recovery tests and continuous automatic security tests through Detectify, as well as regular penetration tests of the entire system.

Security team

Regular vulnerability and penetration testing by Storyblok's security team and by leading third-party security providers.

AWS environment

AWS environment safeguarded by WAF (web application firewall), AI-based intrusion detection via AWS GuardDuty and strong access control using certificate-based authentication.

Continuous monitoring

Continuous monitoring and automatic scaling during high demand periods ensure consistently fast response times and service availability.

Software Development

Storyblok incorporates industry-leading security measures into every aspect of the software development life cycle (SDLC). This ensures that every line of code we produce follows the highest security standards from inception through to development, QA testing, and release.

  • Strict adherence to OWASP secure coding best practices and guidelines.
  • Dedicated security code reviews, continuous security training, and security testing.
  • Automated vulnerability testing, scans, anomaly detection, and automated dependency updates.

Data Privacy and Protection

Our data privacy and protection protocols go well beyond compliance. For us, data privacy is not just a checklist. It is one of our driving principles. Our desire to safeguard and protect this principle encompasses every aspect of our company - from software development to employee operations.

Data encryption

Data encryption (both in transit and at rest) employing key lengths and algorithms approved by industry-leading standards.

Company-wide protocols

Company-wide protocols including strict access control, centralized endpoint management, mandatory security checks and regular security awareness training.

GDPR compliant

GDPR compliant data storage, management and data processing.