I'll give you an example. I'm currently working on implementing a HR system into a large financial institution. The HR system is IS27001 certified and also has SOC1 & SOC2 reports. The three of them combined is regarded as industry best practice. Even with this HR platform having all 3 we are still flying to Barcelona and Paris to conduct our own security checks.
So without being IS27001 certified at a minimum I doubt any large organisation will sign up.
Not saying this isn't a good platform or product but bit early on in its life cycle for me.
PZR Price at posting:
0.1¢ Sentiment: None Disclosure: Not Held