Each month, Reciprocity highlights companies that have earned compliance certifications for information security frameworks.

Here’s our November 2020 roundup of recent compliance news from around the United States and the world.

PCI Certification

PCI certification and compliance are two different, but related, designations.

PCI certification is a more rigorous process. It involves an intensive audit performed by a Qualified Security Assessor (QSA).

PCI compliance means a company follows best practices to help protect Cardholder Data (CHD) following the guidelines set by the PCI Council.

ISO Certification

ISO standards concern many industries. The three primary ISO standards that help organize compliance for companies looking to create IT programs: IT, ISO 27001, ISO 31000, and ISO 9001.

SOC 2 Certification

SOC 2 concerns all organizations and enterprises providing services that process and store customer data. SOC 2 reports are based on five Trust Services Criteria: security, availability, confidentiality, processing integrity, and privacy.

FedRAMP Certification

The Federal Risk and Authorization Management Program (FedRAMP), is a government program that determines if the cloud products and services offered by cloud service providers are secure enough to be used by federal agencies.

  • In October, Smartronix, Hollywood, Maryland, an IT service management company, earned its FedRAMP certification for its Cloud Assured Managed Services (CAMS) to support state-of-the-art private, public, and hybrid cloud solutions for highly regulated workloads. Read more about Smartronix’s certification.
  • In October, Oracle Cloud Infrastructure, Redwood City, California, a cloud computing service offered by Oracle Corporation providing servers, storage, network, applications and services through a global network of Oracle Corporation managed data centers, has obtained a Provisional Authority to Operate (P-ATO) from the FedRAMP Joint Authorization Board (JAB). Read more about Oracle’s certification.
  • In October, ControlCase, Fairfax, Virginia, a provider of IT Security Certifications and Continuous Compliance Services, earned a FedRAMP Third Party Assessment Organization (3PAO) certification for its strategic information security and compliance programs. Read more about ControlCase’s certification.
  • In October, Kahua, Alpharetta, Georgia, a web-based project and construction management software platform, achieved FedRAMP Ready Status for its Construction Program Management Solution. Learn more about Kahua’s certification.
  • In October, SentinelOne, Mountain View, California, an autonomous cybersecurity platform company, achieved the FedRAMP designation for its information security work for the federal government. Read more about SentinelOne’s certification.
  • In October, Atlassian, San Francisco, California, a provider of team collaboration and productivity software, achieved FedRAMP Tailored Authorization for its cloud-based work management solution, Trello Enterprise. Read more about Atlassian’s certification.
  • In October, Aruba Central, Santa Clara, California, a wireless networking subsidiary of Hewlett Packard Enterprise, announced its FedRAMP “In Process” designation. Read more about Aruba Central’s designation.
  • In October, Acuant, Los Angeles, California, an identity verification, document authentication and fraud prevention technology services provider, received a FedRAMP Moderate Provisional Authority to Operate (P-ATO) its AssureID Connect, Ozone document recognition, and FaceID facial recognition services (COFRS). Read more about Acuant’s designation.

HIPAA Compliance

Compliance with the Federal Health Insurance Portability and Accountability Act (HIPAA) ensures that health care organizations protect the privacy, security, and integrity of protected health information.

In October, WheelHouse IT, Fort Lauderdale, Florida, an IT support and Managed IT Services Provider (MSP), earned its HIPAA compliance for its work managing IT for the healthcare industry. Read more about WheelHouse IT’s compliance.