This content appears on VM.blog: Cloudentity Secures SOC Type 2 and ISO 27001 Compliance
Cloudentity announced it has achieved SOC (System and Organization Controls) 2 Type 2 and ISO (International Organization of Standardization) 27001 certifications, confirming that its cloud-scale authorization solutions are compliant with the two most globally recognized and trusted security standards. The security and compliance audit was performed by BARR Advisory, P.A.
"Achieving these key industry certifications bolsters Cloudentity's position as a trusted partner for the publicly traded organizations and financial institutions that we serve. These organizations are beholden to strict internal security controls as well as industry-imposed regulations," said Brook Lovatt, Chief Product Officer of Cloudentity. "In addition, maintaining both SOC 2 Type 2 and ISO 27001 compliance positions Cloudentity to serve a broad international community of organizations that will only adopt solutions from certified vendors. The required compliance types and levels vary from region to region, but nearly all require either SOC 2 or ISO, and some require both."
As cyber threats evolve, businesses often rely on maintaining compliance standards within their own organization's infrastructure to ensure the required levels of assurance. Most of these businesses require the same levels of compliance from the software vendors and service providers they work with. By achieving compliance certification for both SOC 2 Type 2 and ISO 27001, Cloudentity has solidified its position as the top SaaS authorization platform that can be implemented by companies with even the most stringent security policies and postures.
SOC 2 Type 2 reports are designed to meet the needs of existing or potential customers who need assurance about the effectiveness of controls used by the service organization to process customers' information. For compliance, companies must meet the following principles and related criteria from the American Institute of CPAs (AICPA) for practitioners in the performance of trust services engagements:
- Security: The system is protected against unauthorized access (both physical and logical).
- Availability: The system is available for operation and use as committed or agreed.
- Processing Integrity: System processing is complete, valid, accurate, timely, and authorized to meet the entity's objectives.
- Confidentiality: Information designated as confidential is protected as committed or agreed.
- Privacy: Personal information is collected, used, retained, disclosed, and disposed of to meet the entity's objectives.
- HIPAA Security Rule Requirements: The system is compliant with the applicable HIPAA Security Rule requirements set forth in the U.S. Department of Health and Human Services (HHS) Health Information Portability and Accountability Act.
For more information on the Cloudentity SaaS Platform and its capabilities, please visit: https://cloudentity.com/platform/
Get started with Cloudentity for free with unlimited users and up to 1 million authorization grants per month.