ISO 27001 – Information Security Management System
ISO 27001 is the world’s best-known standard for information security management systems (ISMS).
The ISO 27001 standard provides companies of any size and from all sectors of activity with guidance for establishing, implementing, maintaining and continually improving an information security management system.
Conformity with ISO 27001 means that an organization or business has put in place a system to manage risks related to the security of data owned or handled by the company, and that this system respects all the best practices and principles established in this International Standard.
SOC 1 – Type 2 Reports covering internal controls over financial reporting systems
These reports, written as per AT-C section 320 (Reporting on an Examination of Controls at a Service Organization Relevant to User Entities’ Internal Control Over Financial Reporting), are specifically intended to meet the needs of entities that use service organizations (user entities) and the CPAs that audit the user entities’ financial statements (user auditors) to assess the effect of the service organization controls on the user entities’ financial statements.
SOC 2 – Type 2 report covering Security, Availability, Integrity, Confidentiality, and Privacy
These reports are intended to meet the needs of a broad range of users that require detailed information and assurance about the controls related to the security, availability, and processing integrity of the systems a service organization uses to process users’ data, as well as the confidentiality and privacy of the information processed by these systems. These reports can play a crucial role in:
- The overview of the organization
- Vendor management programs
- Internal corporate governance and risk management processes
- Regulatory oversight
PCI – Validation of controls around cardholder data to reduce credit card fraud
Created in 2006 by the Payment Card Industry Security Standards Council, this certification was initially established by the American Express, Discover, JCB, MasterCard, and Visa networks.
The main goal of PCI Compliance is to guarantee the security of sensitive data in financial transactions using cards in virtual environments.
The PCI DSS certification is thus mandatory for all companies that process, store, and share credit and/or debit card data over the internet.
