In today’s hyperlinked digital world, organizations are increasingly required to adhere to a range of regulatory compliance regimes. The growing number of regulations and the need for operational transparency force organizations to adopt consolidated and harmonized sets of compliance controls.
Regulations and accrediting organizations vary by field; examples include PCI-DSS and GLBA in the financial industry, ISO standards for operational efficiency, and data privacy regulations.
We assist organizations with the following:
ISO certification: This is important because it is recognized worldwide as an accepted standard of quality. When companies can accurately document their systems, they can compare them against a recognized standard for improvement. Since ISO certification is a recognized standard, companies can use it to gauge and select the vendors or subcontractors they work with.
PCI-DSS: The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data.
SOC: “Service Organization Control reports are designed to help service organizations, organizations that operate information systems and provide information system services to other entities, build trust and confidence in their service delivery processes and controls through a report by an independent certified public accountant.”
- SOC 1: Previously called SSAE 16; mainly covers financial reporting and operations-related controls
- SOC 2: Based on the Trust Principles, with a defined list of criteria; restricted use
- SOC 3: Based on the Trust Principles; can be shared with the general public and published on a website