Today, we’re proud to share that Tines has achieved ISO 27001, ISO 27701, and ISO 42001 certification. This marks an important milestone in how we continue to effectively manage information security, privacy, and AI governance across our business and platform.
For you, this is about more than achieving the ISO trifecta. This achievement reflects our clear, repeatable approach to protecting information, managing privacy responsibly, and ensuring strong governance around how AI is implemented and used at Tines. As AI continues to become an essential part of the world’s most important workflows, this foundation is non-negotiable.
What these certifications mean
Each certification supports a different part of how we operate.
ISO 27001 focuses on the systems and processes an organization uses for information security including how they manage and improve it over time.
ISO 27701 builds on that foundation with a framework for managing personal data responsibly.
ISO 42001 focuses on AI governance, helping organizations put the policies, controls, and oversight in place to develop and use AI responsibly.
Together, these certifications reflect the strength of our internal programs and our commitment to improving them over time.
Why this matters to you
You rely on Tines to support your most important workflows across security, IT, infrastructure, and operations. We take that responsibility extremely seriously.
Achieving ISO 27001, ISO 27701, and ISO 42001 certification reinforces our commitment to:
protecting customer and company information through uncompromising security practices
managing privacy with clear accountability and well-defined processes
governing AI with thoughtful oversight and risk management
If you’re trusting a business and product with your most important workflows, then you need a partner that balances both innovation with accountability. These certifications confirm and communicate our continuous investment in both.
Tines x Tines: How we used intelligent workflows to achieve the ISO trifecta
Risk management
To make risk management more consistent and less manual, we built an intelligent workflow in Tines which lets employees submit risks through a Tines page. This then passes the data to an AI agent to evaluate likelihood, impact, inherent risk, and residual risk using a structured methodology. Rather than simply assigning scores, the AI agent generates written rationales for its assessments and helps flag inconsistencies in the submitted information. From there, submissions can be routed for human review, approved risks can be stored in Records on the Tines platform, and reminders or follow-up actions can be triggered when needed. The result was a more scalable process with better visibility and less manual coordination.
Manage a risk register using AI-driven scoring and records
Submit risks via Workbench or an internal Tines Page, score them automatically with AI, and track results in a risk register using records.
Created by
Brandon Maxwell
Security awareness training management
We streamlined our security awareness training by seamlessly connecting systems, enabling faster execution and freeing up time for higher-value work. Our GRC tool did not have a native integration with our Learning Management Solution (LMS), which meant collecting evidence for security awareness training was still a very manual step. With Tines, we built a workflow that could pull personnel data, identify employees missing required training, retrieve completion records from our LMS, compile the relevant evidence, and upload it directly to our GRC tool. This ensured evidence stayed current, accelerated audit readiness, and significantly reduced manual effort.
Sync security awareness training completions from WorkRamp to Drata
Fetches daily security awareness training completion records from WorkRamp and uploads them as evidence to Drata for users failing the security training compliance check.
Created by
Brandon Maxwell
Github merge evidence
We also used Tines to automate parts of our code review audit process. As we shared in our previous blog post on achieving SOC 2 faster with workflows, Tines helped us collect and organize evidence for production code changes in a more consistent way, reducing manual effort and making reviews easier to manage. Results included 150 hours saved, with over 8000 merges during the period.
Generate a merge audit report for GitHub pull requests in Google Sheets
Generate an audit report of merged GitHub pull requests, capturing each PR's title, author, URL, and merge date for compliance review. Store in a timestamped Google Sheet for easy tracking
Tools
Created by
Brandon Maxwell
A milestone, not a finish line
While we are proud of this achievement, we do not see it as a one-time event.
Security, privacy, and AI governance all require ongoing attention as technology, risk, and customer expectations change. These certifications reflect the strength of the programs we have in place today. They also reinforce the importance of continuing to improve them over time.
That work continues at Tines, and it will remain a core part of how we build, operate, and support our customers.