Security & Compliance
Security Compliance: Managing Risk and Regulatory Compliance
We are committed to maintaining the highest level of compliance with industry and government mandates. As information security regulations evolve more rapidly than ever, our experienced teams can design a solution specific to your business needs. Whether you require compliant managed security services or fully managed IT Governance, Risk Management and Compliance (IT GRC), our experts can help to exceed expectations.
Secure-24 is experienced with and adheres to the following industry or government mandates:
- Sarbanes-Oxley Act (SOX)
- Payment Card Industry (PCI)
- EU General Data Protection Regulation (GDPR)
- International Organization for Standards
- Privacy Shield
- Federal Financial Institutions Examination Council (FFIEC)
- Federal Trade Commission Act (FTC)
- International Traffic in Arms Regulations (ITAR)
- Gramm-Leach-Bliley Act (GLB)
- Information Technology Infrastructure Library (ITIL 3)
- Control Objectives for Information and related Technology (COBIT 4)
- SSAE 18 SOC 1 Type II and SOC 2 Type II
- HIPAA / HITECH
- Federal Information Security Management Act (FISMA)
- FDA CFR 21 PART 11 and EC ANNEX 11 for Quality Validation
- Safe Harbor
ISO/IEC 27001:2013 Certification
Secure-24 has achieved the International Standards for Organizations (ISO) 27001:2013 Certification for Information Security Management System (ISMS) and Operations. Awarded by EY CertifyPoint, an accredited, independent and global certification institute, the ISO/IEC 27001:2013 certification is the international standard for ISMS. Our compliance was certified after demonstrating a systematic approach to managing and protecting company and customer data.
ISO/IEC 27017:2015 and 27018:2014 Certifications
Secure-24 has achieved the ISO/IEC 27017:2015 International Standards Certification for Cloud Services and the 27018:2014 Certification for Protection of Personally Identifiable Information in the Cloud. These certifications, awarded by EY CertifyPoint, build upon our existing ability to adhere to industry standards including HIPAA/HITRUST, PCI, ITAR/EAR, FISMA, and FTI, and position us at the forefront of industry certification.
SOC 2 and 3 Evaluation
Secure-24 has successfully completed the Service Organization Control (SOC) 2 & 3 evaluation in compliance with the newest American Institute of Certified Public Accountants (AICPA) guidelines. Issued by Ernst & Young LLP, global, accredited and independent accountants, SOC 2 and SOC 3 compliance confirms that we have controls in place to ensure the security, availability, processing integrity and confidentiality of managed cloud services. We are among the first to issue a SOC 3 Report regarding compliance with the new AICPA Trust Services Criteria.
Compliance Auditing Certification
Secure-24 achieves the highest level of standards adherence. ITIL and COBIT are the foundation of our product and service offerings, which include mappings and certifications to the most common standards, such as ISO, COSO, AICPA and NIST. Our focus goes beyond following best practices to exceeding the most rigorous compliance standards. We are held to the compliance standards of our clients. When our clients are audited, so are we.