A further step in strengthening client trust
We are pleased to announce that Juniper Travel Technology (Juniper Consulting S.L.) has achieved ISO/IEC 27001:2022 certification (Certificate 2026-019). EY CertifyPoint issued it in July 2026.
This certification confirms compliance with the international benchmark standard for an Information Security Management System (ISMS), and demonstrates that at Juniper Travel Technology we identify, manage, and continuously improve the security risks affecting our platform.
What is ISO/IEC 27001:2022?
ISO/IEC 27001 is the international standard that defines how organizations should manage information security. It requires companies to identify risks systematically, implement controls to mitigate them, and measure how well those controls work. It also requires a continuous improvement cycle, supported by executive leadership and documented evidence.
In practice, this certification confirms that:
- We identify and assess risks proactively, not reactively.
- We have implemented the appropriate controls and can demonstrate their effectiveness.
- Leadership governs information security directly, with dedicated ownership, resources, and regular reviews.
- We maintain a continuous improvement process: incidents and internal audits lead to measurable, verifiable corrective actions.
- An independent auditor will review our management system every year, with full recertification every three years.
The scope of Juniper’s ISO27001 certification: product, processes and locations
Many organizations certify a single department, office, or business process. Our audited scope is different. It covers the entire ecosystem that lets our clients operate with Juniper every day:
- The product: the Juniper Booking Engine, its supporting technology infrastructure, and the corporate databases where reservation data is managed.
- The processes: software development, customer support, incident management, and internal operations.
- The teams: IT, development, project management, and process & planning.
- The locations: six offices and data centers across three countries – Palma, Salamanca, Cali Marratxí, Madrid and Miami.
- The people: nearly 300 professionals working under the certified management system.
In other words, we have not certified a single area of the business. We have certified the very product our clients rely on every day, end to end.
Why does ISO 27001 matter in travel technology?
Every booking involves personal data, identity-related information, and travel itineraries. It also involves significant payment flows exchanged between multiple stakeholders. At the same time, travel technology platforms operate within highly interconnected ecosystems. Many support hundreds of integrations while managing seasonal peaks, where downtime can directly hurt a client’s business.
For this reason, security travel technology is no longer a purely technical consideration. It has become a critical factor in procurement decisions, regulatory compliance, and business continuity planning.
What does this means for OTAs, DMCs, Tour Operators, Bedbanks, and Airlines?
The benefits of this certification extend across the entire travel distribution chain.
OTAs, which sell directly to travelers, see a direct benefit: it reduces the risk associated with the platform processing reservations and client data.
Tour operators, who manage bookings confirmed months in advance, gain support for their own duty of care and operational responsibilities toward travelers.
Bedbanks and DMCs, as B2B-focused businesses, can incorporate the certification directly into supplier assessments, procurement processes, and client audits, without building that security maturity internally.
Airlines benefit in a different way. This certification provides added assurance that the risks tied to critical technology providers are being actively managed and independently audited.
Ultimately, this is a single audited management system that supports the different operating models across the travel industry, while staying focused on what matters most: protecting data and business operations.
What are the benefits for our clients?
- Greater confidence. Clients can rely on a platform supported by an information security management system that has been independently audited and certified.
- Reduced compliance burden. Shorter security questionnaires, smoother procurement processes, fewer barriers during RFP evaluations, and more streamlined supploer audits.
- Operational resilience. Audited controls for incident response and crisis management strengthen business continuity in an industry where uptime is essential.
ISO 27001, SOC 2 Type II and PCI DSS: How our certifications work together
ISO/IEC 27001:2022 does not stand alone. It complements two other certifications, and together they form a broader security framework across our platform and operations.
- PCI DSS demonstrates our compliance with the rigorous standards set by the payment card industry, including Visa, Mastercard, American Express, and other PCI Council members. It covers the secure handling of cardholder data within our Juniper PCI DSS Payment Gateway. A PCI-SSC certified Qualified Security Assessor (QSA) audits our compliance independently.
- SOC 2 Type II, developed by the AICPA, evaluates not just the design of our controls but their ongoing effectiveness over time. It covers key trust principles: security, availability, processing integrity, confidentiality, and privacy.
ISO 27001 certifies how we govern information security across the organization. PCI DSS focuses specifically on payment security. And SOC 2 Type II shows that our controls keep working over an extended period, not just on the day of an audit.
Committed to continuous improvement
Achieving this certification is an important milestone, but it is also a long-term commitment.
We will keep investing the processes, technology, and talent that strengthen the security of our solutions. Information security is about more than technology: it is the foundation on which we build trusted, long-lasting relationships with our clients and partners around the world.
Certified Juniper Travel Technology for ISO/IEC 27001:2022 compliance