Synology gains ISO 27001:2022 for security management
Synology has received ISO/IEC 27001:2022 certification for its information security management system, a standard organisations use to structure governance and controls around information security risks.
ISO/IEC 27001:2022 sets requirements for an information security management system and is widely used as a framework for managing security practices. It also helps demonstrate that processes are in place to assess risk, maintain controls and improve over time.
"Security and trust are foundational to everything we build at Synology," said Philip Wong, Chairman and CEO of Synology. "This certification reflects our commitment to protecting customer data and building secure, reliable solutions that our users can trust."
ISO/IEC 27001:2022 takes a risk-based approach and addresses confidentiality, integrity and availability. Organisations use it to identify information security risks, establish controls and monitor their effectiveness through ongoing management processes.
The certification covers Synology's information security management system, core infrastructure, secure development lifecycle and security response processes across its global operations.
Operational scope
In practical terms, ISO/IEC 27001 certification typically requires documented security policies, clear responsibilities, and processes for change management and incident response. It also covers supplier and asset management, access control, and the handling of information across systems and teams.
For technology vendors, development practices and response processes matter because product security and operational security often intersect. Secure development lifecycle practices typically include security reviews during design and development, as well as ongoing maintenance such as patch management. Incident response processes set expectations for detection, escalation, investigation and communications when issues occur.
"This certification helps ensure that data entrusted to Synology is securely protected and our operations adhere to consistent security practices aligned with the most stringent international standards," said Kuei-Huan Chen, Senior Director of the Synology Engineering Group.
Customer implications
Synology positioned the certification as relevant for customers with formal compliance obligations, including public sector bodies and organisations in regulated industries that require evidence of structured security management when selecting technology suppliers.
It also highlighted independent validation. ISO/IEC 27001 certification is assessed through external audits against the standard's requirements, and customers and partners often use it as a reference when evaluating vendor risk and governance maturity, particularly for products or services that store, process or transmit sensitive information.
Synology also linked the certification to the handling, storage and retention of customer-provided information. Data governance topics such as retention and secure disposal often sit alongside technical controls in information security management programmes, particularly when products are used for business-critical information.
Security expectations
The certification comes amid sustained scrutiny of technology supply chains and vendor security practices. Buyers increasingly ask for evidence of operational controls, incident readiness and secure product development processes. ISO/IEC 27001 is one of several standards and assurance mechanisms referenced in procurement questionnaires and due diligence assessments.
Synology is known for products used in data storage and backup, as well as file collaboration, video management and network infrastructure. It describes its portfolio as centred on a platform approach for IT administration. In many organisations, these systems sit close to sensitive data and business continuity processes, increasing the importance of controls around access, logging, updates and response procedures.
Synology plans to maintain compliance and continue improving its security frameworks. ISO/IEC 27001 certification also requires ongoing surveillance audits and internal management reviews, meaning organisations must keep controls current as risks and systems change.