Certifications

Standardized Information Gathering (SIG)

The Standardized Information Gathering (SIG) questionnaire is published by the Shared Assessments Program (formerly known as BITS Shared Assessments). It is a standardized vendor-risk questionnaire used by global banks to assess third-party security and privacy controls efficiently.

Information Security Management System (ISO/IEC 27018)

ISO/IEC 27018:2019 is a code of practice focused on the protection of personal data in the cloud. It is based on the ISO/IEC 27002 information security standard and provides implementation guidance on the ISO/IEC 27002 controls that apply to Personally Identifiable Information (PII) in public clouds. It also adds a set of controls and associated guidance for public-cloud PII protection requirements that the existing ISO/IEC 27002 control set does not address.

Information Security Management System (ISO/IEC 27017)

ISO/IEC 27017 is a security standard developed for cloud service providers and cloud customers to make cloud-based environments safer and reduce the risk of security problems. It was published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) under their joint subcommittee, ISO/IEC JTC 1/SC 27. It is part of the ISO/IEC 27000 family of standards, which provides best-practice recommendations on information security management.

Information Security Registered Assessors Program (IRAP)

The Australian Signals Directorate (ASD) supports higher standards for security assessments and assessor training through the enhanced Information Security Registered Assessors Program (IRAP).

Spain Esquema Nacional de Seguridad (ENS)

In 2007, the Spanish government enacted Law 11/2007, which established a legal framework giving citizens electronic access to government and public services. This law is the basis for the Esquema Nacional de Seguridad (National Security Framework), which is governed by Royal Decree (RD) 3/2010. The goal of the framework is to build trust in the provision of electronic services and to ensure the access, integrity, availability, authenticity, confidentiality, traceability, and preservation of data, information, and services.

Cloud Security Alliance (CSA)

The Cloud Security Alliance (CSA) is a not-for-profit organization whose stated mission is to "promote the use of best practices for providing security assurance within cloud computing, and to provide education on the uses of cloud computing to help secure all other forms of computing."

Cloud Computing Compliance Criteria Catalogue (C5:2020)

In 2016, the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, or BSI) created the Cloud Computing Compliance Criteria Catalogue (C5) as an auditing standard; the current revision is C5:2020. It is intended for cloud service providers (CSPs), their auditors, and the CSPs' customers. C5 establishes a mandatory minimum baseline for cloud security and for the adoption of public cloud solutions by German government agencies and organizations that work with government. C5 is also increasingly adopted by the private sector.

California Consumer Privacy Act (CCPA)

The California Consumer Privacy Act (CCPA) is a state statute intended to enhance privacy rights and consumer protection for residents of California, United States. The bill was passed by the California State Legislature and signed into law by Jerry Brown, Governor of California, on June 28, 2018, amending Part 4 of Division 3 of the California Civil Code. Officially designated AB-375, the act was introduced by Ed Chau, member of the California State Assembly, and State Senator Robert Hertzberg.

Information Security Management System (ISO/IEC 27701)

ISO/IEC 27701:2019 (known as ISO/IEC 27552 during the drafting period) is a privacy extension to ISO/IEC 27001. Its design goal is to extend an existing Information Security Management System (ISMS) with additional requirements in order to establish, implement, maintain, and continually improve a Privacy Information Management System (PIMS). The standard outlines a framework for Personally Identifiable Information (PII) controllers and PII processors to manage privacy controls and reduce the risk to the privacy rights of individuals.

Transport Layer Security (TLS)

Transport Layer Security (TLS), the successor of the now-deprecated Secure Sockets Layer (SSL), is a cryptographic protocol designed to provide communications security over a computer network. The protocol is widely used in applications such as email, instant messaging, and voice over IP, but its use in securing HTTPS remains the most publicly visible.

TLS provides confidentiality, integrity, and authentication (the last via certificates) between two communicating applications. It runs above a reliable transport protocol such as TCP and is itself composed of two layers: the TLS record protocol, which frames, encrypts, and authenticates the data, and the TLS handshake protocol, carried inside records, which negotiates the protocol version, cipher suite, and keys.
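The two layers described above, as an added example that is not part of the original page: a minimal ClientHello is constructed in-process (the host name, cipher suites, and versions are assumed sample values), wrapped in a TLS record, and then parsed back through the record layer and the handshake layer. The parser also extracts the SNI and supported_versions extensions and flags any pre-TLS-1.2 versions the client offers, which is the check a detection engineer or pentester typically wants from a captured ClientHello. It is an illustrative parser, not a full TLS implementation.

```python
"""Walk the two TLS layers: the record layer that frames every message and the
handshake layer carried inside a handshake record. The ClientHello below is a
constructed sample so the script runs offline; it is not captured traffic."""
import struct

CONTENT_HANDSHAKE = 0x16          # record content type for handshake messages
HANDSHAKE_CLIENT_HELLO = 0x01     # handshake message type
EXT_SERVER_NAME = 0x0000          # SNI extension (RFC 6066)
EXT_SUPPORTED_VERSIONS = 0x002B   # TLS 1.3 version negotiation (RFC 8446)
MAX_PLAINTEXT = 2 ** 14           # TLSPlaintext payload limit (RFC 8446 section 5.1)


def build_client_hello(host, cipher_suites, versions, random=bytes(range(32))):
    """Constructed sample: a minimal ClientHello wrapped in a TLS record.
    `random` is fixed here for reproducibility; a real client uses 32 random bytes."""
    name = host.encode("ascii")                   # RFC 6066: host_name is an ASCII (A-label) string
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name  # list length, name_type=host_name, name
    sv = bytes([2 * len(versions)]) + b"".join(struct.pack("!H", v) for v in versions)
    exts = (struct.pack("!HH", EXT_SERVER_NAME, len(sni)) + sni
            + struct.pack("!HH", EXT_SUPPORTED_VERSIONS, len(sv)) + sv)
    suites = b"".join(struct.pack("!H", s) for s in cipher_suites)
    body = (b"\x03\x03" + random                  # legacy_version = TLS 1.2, then 32-byte random
            + b"\x00"                             # empty legacy_session_id
            + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00"                         # one compression method: null
            + struct.pack("!H", len(exts)) + exts)
    handshake = bytes([HANDSHAKE_CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    # record header: content type (1 byte), legacy record version (2), length (2)
    return struct.pack("!BHH", CONTENT_HANDSHAKE, 0x0301, len(handshake)) + handshake


def parse_record(data):
    """Record layer: returns (content_type, record_version, payload, remaining_bytes).
    Truncated or oversized records are rejected rather than read past the end."""
    if len(data) < 5:
        raise ValueError("truncated record header")
    ctype, version, length = struct.unpack("!BHH", data[:5])
    if length > MAX_PLAINTEXT:
        raise ValueError("record length %d exceeds plaintext limit" % length)
    if len(data) < 5 + length:
        raise ValueError("truncated record body")
    return ctype, version, data[5:5 + length], data[5 + length:]


def parse_client_hello(payload):
    """Handshake layer: 1-byte message type, 3-byte length, then the ClientHello body."""
    if not payload or payload[0] != HANDSHAKE_CLIENT_HELLO:
        raise ValueError("not a ClientHello")
    length = int.from_bytes(payload[1:4], "big")
    body = payload[4:4 + length]
    if len(body) != length:
        raise ValueError("truncated handshake message")
    legacy_version, = struct.unpack("!H", body[0:2])
    pos = 2 + 32                                  # skip legacy_version and the 32-byte random
    pos += 1 + body[pos]                          # legacy_session_id (length-prefixed)
    cs_len, = struct.unpack("!H", body[pos:pos + 2]); pos += 2
    suites = [struct.unpack("!H", body[i:i + 2])[0] for i in range(pos, pos + cs_len, 2)]
    pos += cs_len
    pos += 1 + body[pos]                          # compression methods (length-prefixed)
    info = {"legacy_version": legacy_version, "cipher_suites": suites,
            "sni": None, "supported_versions": []}
    if pos == len(body):                          # pre-1.3 clients may send no extensions
        return info
    ext_len, = struct.unpack("!H", body[pos:pos + 2]); pos += 2
    end = pos + ext_len
    while pos + 4 <= end:
        etype, elen = struct.unpack("!HH", body[pos:pos + 4]); pos += 4
        edata = body[pos:pos + elen]; pos += elen
        if etype == EXT_SERVER_NAME and len(edata) >= 5:
            name_len, = struct.unpack("!H", edata[3:5])     # skip list length and name_type
            info["sni"] = edata[5:5 + name_len].decode("ascii")
        elif etype == EXT_SUPPORTED_VERSIONS and edata:
            n = edata[0]
            info["supported_versions"] = [struct.unpack("!H", edata[i:i + 2])[0]
                                          for i in range(1, 1 + n, 2)]
    return info


def legacy_versions_offered(info):
    """Versions below TLS 1.2 (0x0303) that the client is willing to negotiate."""
    return [v for v in info["supported_versions"] if v < 0x0303]


if __name__ == "__main__":
    raw = build_client_hello("example.com", [0x1301, 0x1302, 0xC02F, 0x00FF], [0x0304, 0x0303])
    ctype, rec_version, payload, rest = parse_record(raw)
    assert ctype == CONTENT_HANDSHAKE and not rest
    hello = parse_client_hello(payload)
    print("SNI:", hello["sni"])
    print("cipher suites:", [hex(s) for s in hello["cipher_suites"]])
    print("supported versions:", [hex(v) for v in hello["supported_versions"]])
    print("legacy versions offered:", legacy_versions_offered(hello))
```

The record header carries a legacy version (0x0301) that says nothing about the version actually negotiated; that is decided by the supported_versions extension in TLS 1.3, which is why the parser reads both and reports them separately.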

Information Security Management System (ISO/IEC 27001)

ISO/IEC 27001 is the best-known member of the ISO/IEC 27000 family, specifying the requirements for an information security management system (ISMS); the family contains more than a dozen further standards.

The Payment Card Industry Data Security Standard (PCI DSS)

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security requirements designed to ensure that all organizations that accept, process, store, or transmit cardholder data maintain a secure environment.

General Data Protection Regulation (GDPR)

The General Data Protection Regulation (EU) 2016/679 (GDPR) is an EU regulation that strengthens the protection of individuals' personal data, both within and outside the European Union. The GDPR grants individuals more control over their personal data and regulates the organizations that process it. It also sets out the conditions under which personal data may be transferred outside the EU so that it remains protected. The result is a stricter set of security and privacy obligations on organizations handling personal data.

Health Insurance Portability and Accountability Act (HIPAA)

The Health Insurance Portability and Accountability Act (HIPAA) is a United States federal law that requires covered healthcare organizations and their business associates to protect patients' protected health information. Enforced by the U.S. Department of Health and Human Services (HHS), it safeguards sensitive health data from being disclosed without the patient's consent or knowledge. By adhering to HIPAA's rules, healthcare organizations keep their practices compliant with this federal law.

Federal Risk and Authorization Management Program (FedRAMP)

FedRAMP is a U.S. government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring of cloud products and services used by federal agencies. The program sets uniform risk-management requirements and consistent security levels for federal data stored in the cloud and in other IT systems used by federal organizations, so that federal data is managed securely and protected against unauthorized access.

American Institute of Certified Public Accountants (AICPA SOC3)

The American Institute of Certified Public Accountants (AICPA) defines the Service Organization Control 3 (SOC 3) report, a general-use report that may be distributed publicly. It attests to the design and operating effectiveness of a service provider's controls against the Trust Services Criteria (security, availability, processing integrity, confidentiality, and privacy) without the detailed control descriptions and test results of a SOC 2 report.

American Institute of Certified Public Accountants (AICPA SOC2)

The AICPA's Service Organization Control 2 (SOC 2) is an attestation framework that helps service providers protect customer data by assessing their controls against five Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy. A SOC 2 report shows whether the provider's controls are suitably designed (Type I) and operated effectively over a period (Type II) for the criteria in scope.

American Institute of Certified Public Accountants (AICPA SOC1)

The American Institute of Certified Public Accountants (AICPA) SOC 1 is an audit report on a service organization's internal controls that could affect its customers' financial reporting. The report helps customers and their auditors meet market and regulatory requirements for internal control over financial reporting; it is not a general information-security attestation, which is the role of SOC 2.