AICPA Service Organization Control Reports
Service Organization Controls (SOC) reports are designed to help service organizations that operate information systems and provide information system services to other entities build trust and confidence in their service delivery processes and controls. These reports are provided by independent Certified Public Accountants.
PCI DSS is a standard that specifies best practices and various security controls. Certification in the standard requires organizations to:
- Build and maintain a secure network
- Protect cardholder data
- Maintain a vulnerability management program
- Implement strong security measures
- Regularly test and monitor networks
- Maintain an information security policy
ISO 27001 is a widely adopted global security standard that outlines the requirements for information security management systems and provides a systematic approach to managing company and customer information based on periodic risk assessments. The latest standard, ISO/IEC 27001:2013, was published on September 25, 2013 by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) under the joint ISO and IEC subcommittee.
In order to achieve ISO 27001:2013 certification, a company must show it has a systematic and ongoing approach to managing information security risks that affect the confidentiality, integrity, and availability of company and customer information. This standard emphasizes the measurement and evaluation of how well an organization’s Information Security Management System (ISMS) is performing, and also includes a system of information security related controls along with other requirements.
Based upon the scope of our ISMS, Alert Logic is audited by a third-party ISO/IEC 27001 Certification Body.
Alert Logic ISO 27001:2013 Certificate of Registration
EU-U.S. Privacy Shield Framework
The EU-U.S. Privacy Shield Framework was designed by the U.S. Department of Commerce and the European Commission to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union to the United States in support of transatlantic commerce.
Cyber Essentials is a UK government-backed cyber security certification scheme that sets out a good baseline of cyber security suitable for all organizations in all sectors.
Cloud Security Alliance (CSA) STAR Self-Assessment
The Cloud Security Alliance (CSA) is a nonprofit organization led by a broad coalition of industry practitioners, corporations, and other important stakeholders. It is dedicated to defining best practices to help ensure a more secure cloud computing environment, and to helping potential cloud customers make informed decisions when transitioning their IT operations to the cloud. Alert Logic has completed the CSA STAR Self-Assessment via the Consensus Assessments Initiative Questionnaire (CAIQ) and published the results to the CSA Security, Trust, and Assurance Registry: Alert Logic - CAIQ (v3).
U.S. Department of Homeland Security – SAFETY Act
The SAFETY Act provides important legal liability protections for providers of Qualified Anti-Terrorism Technologies – whether they are products or services. The goal of the SAFETY Act is to encourage the development and deployment of effective anti-terrorism products and services by providing liability protections.