Secure-24 Achieves ISO Re-certification and SOC 1, 2, and 3 Type Compliance
December 17, 2019
Secure -24 Achieves ISO Re-Certification of Information Security Management Systems, Cloud Service Management and Protection of Personally Identifiable Information in the Cloud
Secure-24 has achieved re-certification through the International Standards for Organization (ISO) after demonstrating security controls that are supported under the standard. Certifications achieved include: Information Security Management System (ISO) 27001:2013, Cloud Services (27017:2015 Certification) and Protection of Personally Identifiable Information in the Cloud (27018:2019 Certification).
“Security is at the heart of Secure-24’s processes and technologies,” said Jaclyn Miller, Chief Security and Privacy Officer, Secure-24. Our highest priority is protecting client data and the ISO 27001 certification demonstrates our continued commitment to achieving industry accreditation that meets client information security needs.”
Awarded by EY CertifyPoint, an accredited, independent and global certification institute, the ISO/IEC 27001:2015 certification is the international standard for ISMS. To achieve the certification, a company must show it has a systematic and ongoing approach to managing company and customer information. Secure-24’s compliance was certified after demonstrating a systematic approach to managing and protecting company and client data.
Additional Secure-24 certifications include IT Administration and Support, Enterprise Managed Cloud and Managed Security Services. To achieve the certifications, companies must have a systematic and ongoing approach to managing company and customer sensitive information in the cloud.
Secure-24 Achieves SOC 1, SOC 2, and SOC 3 Type Compliance
Secure-24 has successfully completed the Service Organization Control (SOC) 1, 2 & 3 evaluation in compliance with the newest American Institute of Certified Public Accountants (AICPA) guidelines. The reports demonstrate that Secure-24 has an established framework for internal controls that facilitate accountability and commitment to security, enabling operational effectiveness and increased efficiencies. In addition, the achievement of SOC 1, SOC 2 and SOC 3 Compliance highlights that Secure-24’s information security controls are appropriately designed, implemented and maintained and meet the requirements of certification programs and third-party assessments that a customer’s security teams must meet.
“We are pleased that our SOC 1, SOC 2 and SOC 3 compliance affirms that we have implemented the highest controls to mitigate risk,” said Jaclyn Miller, Chief Security and Privacy Officer, Secure-24. “Our compliance provides clients with third-party verification that our operations meet process, control, and internationally recognized standards.”
Issued by Ernst & Young LLP, global accredited and independent accountants, SOC 1 and SOC 2 compliance confirms that Secure-24 has controls in place to ensure the security, availability, processing integrity and confidentiality of its managed cloud services.
The AICPA Trust Services Criteria aligns the SOC 2 and SOC 3 control requirements to COSO 2013 Internal Control – Integrated Framework. A SOC 3 compliance report is designed to meet the needs of existing or potential customers who need assurance about the effectiveness of controls at a service organization that are relevant to the security, availability or processing integrity of the system used by the service organization to process a customers’ information or the confidentiality or privacy of that information.
The Secure-24 SOC 3 Report can be viewed here.