October 2020: Compliance Certification Roundup
Each month, Reciprocity highlights companies that have earned compliance certifications for information security frameworks.
Here’s our October 2020 roundup of recent compliance news from around the United States and the world.
PCI certification and compliance are two different, but related, designations.
PCI certification is a more rigorous process. It involves an intensive audit performed by a Qualified Security Assessor (QSA).
PCI compliance means a company follows best practices to help protect Cardholder Data (CHD) following the guidelines set by the PCI Council.
- In September, Telehouse America, New York, New York, a global leader for data centers, international internet exchanges and managed IT services, completed its most recent round of HIPAA, PCI-DSS, SOC1 Type II, CPNI, GDPR, and CCPA compliance review and certifications. Read more about Telehouse America’s certifications here.
ISO standards concern many industries. The three primary ISO standards that help organize compliance for companies looking to create IT programs: IT, ISO 27001, ISO 31000, and ISO 9001.
- In September, Avenga US LLC, Rochelle Park, New Jersey, a global IT and digital transformation champion, achieved the ISO/IEC 27001:2013 certification. Read more about Avenga’s certification.
- In September, The Cotton Association of India (CAI), Mumbai, India, was awarded ISO: 9001:2015 certification. Read more about The Cotton Association of India’s certification.
- In September, Qisda, Taipei, Taiwan, an EMS provider, disclosed it has obtained ISO/IEC 27001 certification for information security management from UK-based British Standards Institution. Read more about Qisda’s certification.
- In September, The Bureau of Immigration (BI), Manila, Philippines, retained its ISO certification. Read more about The Bureau of Immigration’s certification.
- In September, Qatar Youth Hostels, Doha, Qatar, a hostels and accommodations provider, obtained the renewal of the ISO 9001:2015 certificate for its quality management system. Read more about Qatar Youth Hostels’s certification.
- In September, ForgeRock, San Francisco, California, a digital identity platform, achieved certification for ISO/IEC 27001:2017 standard. This certification, conducted by the British Assessment Bureau. Read more about ForgeRock’s certification.
- In September, Netkiller, San Jose, California, an asset tracking provider, achieved an ISO/IEC 27001:2013 certification. Read more about Netkiller’s certification.
SOC 2 Certification
SOC 2 concerns all organizations and enterprises providing services that process and store customer data. SOC 2 reports are based on five Trust Services Criteria: security, availability, confidentiality, processing integrity, and privacy.
- In September, Proposify, Halifax, Nova Scotia, a provider of online proposal software, announced the successful completion of SOC 2 Type 1 examination. Learn more about Proposify’s SOC 2 certification.
- In September, MarginPoint, Laguna Hills, California, a provider of field service management and mobile inventory management solutions for service contractors, completed AICPA SOC 2 Type 1 and Type 2 certifications. Learn more about MarginPoint’s SOC 2 certification.
- In September, Fineline Printing Group, Indianapolis, Indiana, a strategic print partner, earned the SOC2 Type2 Certification. Read more about Fineline’s SOC 2 certification.
- In September, 2020 Analytics, Clearwater, Florida, a provider of loan portfolio analytics software, announced the successful completion of their 2020 SOC 1 Type 2 examination, as well as their 2020 SOC 2 Type 2 examination. Read more about their SOC 2 certification.
- In September, Vic.ai, New York, New York, an AI (artificial intelligence) platform for accounting productivity, announced today its completion of the Service Organization Control (SOC) 2 Type 1 attestation. Read more about their SOC 2 certification.
- In September, KMS Lighthouse, Tel Aviv, Israel, achieved System and Organization Controls 2, Type II compliance. The SOC2 Type II audit was conducted by Deloitte Israel in compliance with the attestation standards set by the American Institute of Certified Public Accountants (AICPA). Read more about their SOC 2 certification.
- In September, Eon, Denver, Colorado, a healthtech leader, completed its 2020 SOC 2 Type II audit, performed by KirkpatrickPrice. Read more about their SOC 2 certification.
- In September, KlariVis, Roanoke, Virginia, a data analytics software platform developed by bankers for bankers, successfully completed the System and Organization Controls 2 Type II audit for confidentiality and security. Read more about their SOC 2 certification.
The Federal Risk and Authorization Management Program (FedRAMP), is a government program that determines if the cloud products and services offered by cloud service providers are secure enough to be used by federal agencies.
- In September, Infoblox Inc., Santa Clara, California, a leader in secure cloud-managed network services, today announced that BloxOne Threat Defense Federal Cloud has achieved “In Process” status for the Federal Risk and Authorization Management Program (FedRAMP). Read more about Infoblox’s certification.
- In September, Mimecast Limited, Lexington, Massachusetts, a leading email security and cyber resilience company, achieved FedRAMP ‘Ready’ status, a precursor to becoming FedRAMP fully authorized. Read more about Mimecast Limited’s certification.
- In September, eGain, Sunnyvale, California, a provider of customer engagement solutions, announced that it has achieved “in process” status on the FedRAMP Marketplace. Read more about eGain’s certification.
Compliance with the Federal Health Insurance Portability and Accountability Act (HIPAA) ensures that health care organizations protect the privacy, security, and integrity of protected health information.
- In September, TPx, Los Angeles, California, a premier managed services provider announced it has attained HIPAA attestation for its Managed SD-WAN and Firewall solutions. Read more about TPx’s HIPAA certification. Read more about TPx’s certification.
- In September, The Garam Group, Syracuse, New York, managed IT service provider, announced it continuously ensures its compliance with HIPAA. Read more about The Garam Group HIPAA certification.
- In September, Mydecine Innovations Group, Inc., Denver, Colorado, is pleased to announce that its wholly-owned subsidiary, Mindleap Health has implemented a comprehensive information security rollout of next-generation cyber-security solutions to meet HIPAA compliance standards. Read more about Mydecine Innovations Group’s HIPAA certification.
- In September, IT ArchiTeks, LLC, Frisco, Texas, computer support and services, is pleased to announce compliance with HIPAA. Read more about IT ArchiTek’s certification.
- In September, Litmus Health, Austin, Texas, the research-ready infrastructure platform for real-world data, announced HIPAA and FISMA compliance. Read more about Litmus Health’s certifications.