Beginning this month, Reciprocity will highlight companies that have earned compliance certifications for information security frameworks.


Here’s our May 2020 roundup of compliance news from around the United States, and around the world.

PCI Certification Roundup

PCI certification and compliance are two different, but related, designations.

PCI certification is a more rigorous process. It involves an intensive audit performed by a Qualified Security Assessor (QSA).

PCI compliance means a company follows best practices to help protect Cardholder Data (CHD) following the guidelines set by the PCI Council.

  • On April 29, GreenBox POS, San Diego, completed an audit of its technology infrastructure resulting in PCI Level 1 Compliance Certification. The company builds customizable, Blockchain-based payment solutions. Read more.
  • In late March, Semafone, Boston, announced it achieved PCI DSS certification for its omnichannel digital payments solution, Cardprotect Relay+. Read more.
  • Also in late March, multilingual outsourcing firm Open Access BPO, Manila, Philippines achieved PCI DSS certification for its transaction safety and security protocols and infrastructure. Read more.
  • In late February, Instaclustr, Redwood City, California, achieved PCI DSS certification across its managed Apache Cassandra and Apache Kafka services running in AWS. Read more

ISO Certification Roundup

ISO standards concern many industries. The three primary ISO standards that help organize compliance for companies looking to create IT programs: IT, ISO 27001, ISO 31000, and ISO 9001.

  • In April, xMatters, San Ramon, California, achieved ISO 27001 certification with zero nonconformities for its Digital Services Availability Platform. Read more
  • In April, Intuiface, Chicago, received its ISO 27001 certification. The company says it’s the first digital signage company to comply with the standards. Read more
  • In April, Pakistan Gas Port Consortium Limited, Lahore, Pakistan, which owns and runs Pakistan’s single largest LNG storage and regasification terminal, has received ISO 9001:2015, ISO 14001:2015, and ISO 45001:2018 certifications for its compliance to global standards for management system standards in LNG, transfer, storage, regasification and RLNG delivery and safety. Read more.
  • In April, Medullan, Boston, a digital medicine & digital health consultancy, has attained a renewed ISO 27001/27018 certification for information security management accreditation. Read more.
  • In April, the National Identity Management Commission (NIMC), Abuja, Nigeria, passed the ISO/IEC 27001:2013 re-certification audit. Read more.
  • In April, the Securities and Exchange Commission of Pakistan (SECP), Islamabad, successfully completed the phase 1 scope and audit of security standard certification ISO/IEC 27001:2013 for its Information Security Management System (ISMS). Read more.
  • In April, Provar, a test automation platform for Salesforce worldwide, today announced it has achieved ISO/IEC 27001:2013 certification, the global standard for information security management. Read more.
  • In April, logistics tracking technology company Position Imaging, Stratham, New Hampshire, earned its certified ISO/IEC 27001:2013 certification. Position Imaging’s certification was issued by A-LIGN, an independent and accredited auditor. Read more.
  • In April, Conga, Broomfield, Colorado, earned certifications for ISO 27001 and ISO 27701, among others. Coalfire Controls, LLC, performed the assurance activities. Read more.

SOC 2 Certification

SOC 2 concerns all organizations and enterprises providing services that process and store customer data. SOC 2 reports are based on five Trust Services Criteria: security, availability, confidentiality, processing integrity, and privacy.

  • In April, Sisu, San Francisco, achieved its SOC 2 Type II certification, with independent attestation from Linford. Sisu is also HIPAA compliant and certified accordingly under the Privacy Shield Framework. The company runs a diagnostic platform for enterprise data. Read more.
  • In April, ZL Technologies, Milpitas, California, earned its SOC 2 Type II compliance certification. The company builds cloud solutions and hybrid information management tools. Read more.
  • In April, Thycotic, Washington, D.C., which makes privileged access management (PAM) solutions, completed its SOC 2 Type 2 certification for its flagship product Secret Server Cloud, as well as its Privilege Manager Cloud, Privilege Behavioral Analytics, Account Lifecycle Manager, and DevOps Secrets Vault. Read more.
  • In April, Anitian, Portland, Oregon, completed its SOC 2 Type 2 audit for its Cloud Security Platform’s 24×7 SecOps and Managed Detection and Response services. Read more.
  • In April, INKY Technology Corporation, College Park, Maryland, announced the completion of the Service Organization Control (SOC) 2 Type I audit of the company’s internal controls and systems. Deloitte conducted INKY’s audit. Read more.
  • In April, Securly, San Jose, California, completed its SOC 2 Type 1 Audit Certification. Securly builds student safety and device management solutions for K-12 districts. Read more.
  • In April, INVISR, New York, announced the successful completion of its 2020 SOC 2 Type 1 examination. INVISR is a product development and consulting company that created Polystack, a low-code application development platform.
  • In April, Actionable Science, San Ramon, California, announced its successful completion of the Service Organization Control (SOC) 2 compliance audit. The company provides enterprise-grade conversational AI Virtual Assistants for auto-resolution of enterprise service desk issues. Read more.
  • In April, T-REX, New York, completed a SOC 2 Type 2 examination of its proprietary cloud-based data and analytics systems. T-REX has achieved SOC 2 Type 2 compliance since December 2016. Read more.
  • In April, Tempus Resource, Cleveland, earned its SOC 2 Type 2 certification. The company says it’s the first and only resource portfolio management RPM platform to achieve the distinction. Read more.
  • In March, Showpad, with US headquarters in Chicago, announced it’s a SOC 2 Type 2 accredited company. Showpad is also an ISO/IEC 27001:2013 certified company. Read more.
  • In March, Devolutions, Montreal, completed its SOC 2 Type 2 examination. The company creates solutions for remote desktop management, password management, and privileged access management. Read more.

FedRAMP Certification

The Federal Risk and Authorization Management Program (FedRAMP), is a government program that determines if the cloud products and services offered by cloud service providers are secure enough to be used by federal agencies. 

  • In April, Blackboard, Reston, Virginia, the educational technology platform, earned a FedRAMP Moderate designation from the U.S. federal government for its Blackboard Learn SaaS. Blackboard says this authorization makes Blackboard one of the only commercial off-the-shelf SaaS providers authorized in AWS GovCloud (US) as an Educational LMS. Read more.
  • In April, Dynatrace, Waltham, Massachusetts, announced it’s “In Process” to attain FedRAMP certification at a moderate impact level. Dynatrace is a software-intelligence monitoring platform. Read more.
  • In April, Palo Alto Networks, Santa Clara, California, achieved the designation of “In Process” for FedRAMP for its Prisma Access, which is a secure access service edge (SASE) that delivers protection to mobile users and remote offices. Read more.
  • In April, Oracle, Redwood Shores, California, announced its Oracle Cloud Infrastructure-Government Cloud has achieved FedRAMP High Authorization. Now, Oracle Cloud can provide government customers with the stringent standards of security necessary to protect the federal government’s data. Read more.


The National Institute of Standards and Technology (NIST) is a non-regulatory government group under the Department of Commerce. NIST creates standards to inspire U.S.-based organizations to be more competitive in the science and technology industry. Cybersecurity in the U.S. is heavily influenced by the NIST framework and special publications.

  • In April, StackRox, Mountain View, California, announced the StackRox Kubernetes Security Platform now supports continuous compliance checks for container-relevant controls in NIST 800-53. Read more.