Each month, Reciprocity highlights companies that have earned compliance certifications for information security frameworks.

Here’s our August 2020 roundup of compliance news from around the United States and around the world.

PCI Certification

PCI certification and compliance are two different, but related, designations.

PCI certification is a more rigorous process. It involves an intensive audit performed by a Qualified Security Assessor (QSA).

PCI compliance means a company follows best practices to help protect Cardholder Data (CHD) following the guidelines set by the PCI Council.

ISO Certification 

ISO standards concern many industries. The three primary ISO standards that help organize compliance for companies looking to create IT programs are ISO 27001, ISO 31000, and ISO 9001.

SOC 2 Certification

SOC 2 concerns all organizations and enterprises providing services that process and store customer data. SOC 2 reports are based on five Trust Services Criteria: security, availability, confidentiality, processing integrity, and privacy.

FedRAMP Certification

The Federal Risk and Authorization Management Program (FedRAMP) is a government program that determines if the cloud products and services offered by cloud service providers are secure enough to be used by federal agencies.

HIPAA Compliance

Compliance with the Federal Health Insurance Portability and Accountability Act (HIPAA) ensures that health care organizations protect the privacy, security, and integrity of protected health information.

  • In July, IntelePeer, San Mateo, California, a Communications Platform as a Service (CPaaS) provider, announced Atmosphere CPaaS is now compliant with the Health Insurance Portability and Accountability Act (HIPAA). Read more about IntelePeer and HIPAA here.
  • In July, ExtraHop, Seattle, a cloud-native network detection and response provider, announced independent validation for HIPAA policies, procedures, and technology conducted by the third-party assessor Coalfire. Read more about ExtraHop here.
  • In July, StarLeaf, Watford, United Kingdom, a provider of voice and video conferencing systems, achieved HIPAA compliance. This achievement allows StarLeaf to enter into a Business Associate Agreement (BAA) with US healthcare organizations. Read more about StarLeaf and HIPAA here.
  • In July, The 20, Plano, Texas, a business development group for Managed Service Providers (MSP), achieved compliance with HIPAA. Through the use of Compliancy Group’s proprietary HIPAA solution, The Guard™, The 20 can track its compliance program and has earned its Seal of Compliance™. Read more about The 20 and HIPAA here.

  • In July, IMImobile, Boca Raton, Florida, a global cloud communications software and solutions provider, completed its HIPAA compliance assessment for its customer interaction management platform, IMIconnect. Read more about IMImobile and HIPAA here.