Global Certifications
| Certification | Description | Status |
|---|---|---|
SOC2 Type 2 | Service Organization Control Type 2 (SOC 2) is a cybersecurity compliance framework developed by the American Institute of Certified Public Accountants (AICPA). The primary purpose of SOC 2 is to ensure that third-party service providers store and process client data securely. Read more | |
ISO 27001 | ISO 27001 is an information security standard. Read more
| Certified
|
ISO 27017 | ISO 27017 provides guidelines for information security controls applicable to the provision and use of cloud services. | In process |
ISO 27018 | ISO 27018 is a collection of Information technology—security techniques—code of practice for the protection of personally identifiable information (PII) in public clouds acting as PII processors. | In process |
CSA Star | The Security, Trust, Assurance, and Risk (STAR) Registry is a publicly accessible registry that documents the security and privacy controls provided by popular cloud computing offerings. | In process |
C5 | [Germany] The Cloud Computing Compliance Criteria Catalogue (C5) criteria catalog specifies minimum requirements for secure cloud computing. The German Federal Office for Information Security first published it in 2016. | |
ENS High | [Spain] The National Security Scheme (ENS) is a regulatory and reference framework established in Spain. It is based on Spanish legislation and European regulations related to information security to create the necessary conditions of trust in the use of electronic means through measures to guarantee the security of systems, data, communications, and electronic services, which allows the citizen and the public administration to exercise their rights and fulfill their duties through these media. | Certified |
ISMAP | [Japan] The Information System Security Management and Assessment Program (ISMAP) is a system that evaluates and registers cloud services that meet the government's security requirements in advance. Its purpose is to ensure the level of security in the Japanese government's procurement of cloud services and thereby contribute to the smooth introduction of cloud services. The ISMAP is administered by the government of Japan. | In process |
|
| The Health Insurance Portability and Accountability Act of 1996 (HIPAA ) is an attestation that Secure Access helps enable customers to comply with HIPAA requirements. HIPAA required the Secretary of the U.S. Department of Health and Human Services (HHS) to develop regulations protecting the privacy and security of certain health information. | In process |
The PCI Data Security Standard (DSS) is an attestation we provide customers using Secure Access to help enable compliance with PCI-DSS. PCI DSS was developed to encourage and enhance payment card account data security and facilitate the broad adoption of consistent data security measures globally. It provides a baseline of technical and operational requirements to protect payment account data. |
U.S. Federal and State Government Certifications
| Certifications | Description | Status |
|---|---|---|
FedRAMP | FedRAMP Moderate authorization is required for U.S. government agencies and state and local governments. | In process |
StateRAMP | StateRAMP is an authorization for select U.S. states. | In process |
TX-RAMP | The Texas Risk and Authorization Management Program (TX-RAMP) is a certification by the State of Texas. It applies to cloud applications for Texas state agencies and educational institutions. | Authorized for commercial version In process for government version |