Each month, ZenGRC highlights companies that have earned compliance certifications for information security frameworks.
Here’s our August 2020 roundup of compliance news from around the United States, and around the world.
PCI Certification
PCI certification and compliance are two different, but related, designations.
PCI certification is a more rigorous process. It involves an intensive audit performed by a Qualified Security Assessor (QSA).
PCI compliance means a company follows best practices to help protect Cardholder Data (CHD) following the guidelines set by the PCI Council.
- In July, financial transaction lifecycle management solutions provider SmartStream, New York City, announced certification for PCI-DSS version 3.2.1, level 1, the highest level. Read more about SmartStream’s PCI-DSS certification.
- In July, Effectual, Hoboken, New Jersey, a cloud-first professional services company, achieved PCI DSS certification as a Level 1 Service Provider. Coalfire, a third-party qualified security assessor (QSA), awarded the certification. Read more about Effectual’s PCI DSS certification.
- In July, health care technology and payment processor Rectangle Health, Valhalla, New York, announced that it had been certified as an official PCI SSC Point-to-Point Encryption (P2PE) Solution Provider. Rectangle is also a PCI Level 2 Service Provider. Coalfire, a third-party qualified security assessor (QSA), awarded the certification. Read more about Rectangle Health’s PCI certification.
- In July, MYPINPAD, London, England, a secure personal authentication solutions firm, became the first company in the world to achieve PCI SSC certification for its Android software-based Contactless Payments on Commercial off-the-shelf (CPoC) solution. Read more about MYPINPAD’s certification here.
- In July, higher education fundraising platform RNL, Cedar Rapids, Iowa, achieved PCI-DSS 3.2 compliance and certification for RNL Engage Remote Engagement with WebRTC. Read more about RNL here.
- In July, Sum And Substance Ltd, London, United Kingdom, an identity verification software firm, was awarded the PCI DSS attestation of compliance as a Service Provider. Read more about Sum and Substance here.
- In July, The Results Companies, Fort Lauderdale, Florida, an enterprise digital customer journey designer, achieved PCI-DSS compliance for its data centers, global network, global call centers, and Results Home Office™ technology. Read more about The Results Companies and PCI DSS here.
ISO Certification
ISO standards concern many industries. The three primary ISO standards that help organize compliance for companies looking to create IT programs are ISO 27001, ISO 31000, and ISO 9001.
- In July, Tangoe, Parsippany, New Jersey, an enterprise technology expense management firm, successfully completed certification to the ISO 27001 standard. Read more about Tangoe’s ISO certification here.
- In July, Qatar-based retailer Al Meera Consumer Goods Company (Q.S.C) announced that it achieved ISO/IEC 27001:2013 certification for its robust Information Security Management System (ISMS). Read more about Al Meera’s ISO certification here.
- In July, ORYX Gaming, with US headquarters in Las Vegas, Nevada, was awarded ISO/IEC 27001 certification, underlining the supplier’s commitment to information security. Read more about ORYX here.
- In July, Delasport, Gibraltar, a high-end gaming software company, earned its ISO/IEC 27001:2017 certificate accreditation. Read more about Delasport here.
- In July, PariPlay Limited, Gibraltar, a B2B provider of iGaming Solutions and games, earned its ISO/IEC 27001:2017 certificate accreditation. Read more about PariPlay here.
- In July, YITU Technology, Shanghai, China, an artificial intelligence company, received the ISO/IEC 27701:2019 certification from the British Standards Institution (BSI) for its privacy information management system. YITU is the first AI company in China to receive it. Read more about YITU and ISO here.
- In July, PFU America, Inc., Sunnyvale, California, achieved ISO 27001 certification. Schellman & Company LLC conducted the audit. Read more about PFU America and ISO here.
- In July, Unicon, Gilbert, Arizona, a technology consulting firm focused on the education ecosystem, achieved ISO 27001:2013 certification across its professional services, cloud services, and company operations. Read more about Unicon and ISO here.
- In July, Aprio, Atlanta, Georgia, was accredited as an ISO 27701 Certifying Body by the ANSI-ASQ Accreditation Board (ANAB). This builds upon Aprio’s 2015 achievement as an ISO 27001 Certifying Body and makes Aprio the first full-service CPA firm in the U.S. to receive ANAB’s ISO 27701 certification. Read more about Aprio and ISO.
- In July, The Qatar Chamber of Commerce, Doha, Qatar, received ISO 27001:2013 certification for developing its information security management systems. Read more about the Qatar Chamber and its ISO certification here.
- In July, Snapdeal, New Delhi, India, received the ISO/IEC 27001:2013 certification, making it among the few e-commerce companies in India to do so. BSI group conducted the audit. Read more about Snapdeal and its ISO certification here.
- In July, Cornerstone, London, United Kingdom, a people development/HR solutions firm, received its ISO 27701 certification for a Privacy Information Management System. Read more about Cornerstone and ISO here.
SOC 2 Certification
SOC 2 concerns all organizations and enterprises providing services that process and store customer data. SOC 2 reports are based on five Trust Services Criteria: security, availability, confidentiality, processing integrity, and privacy.
- In July, True Influence, Princeton, New Jersey, an intent-based sales and marketing solutions provider, announced that it had successfully completed the Service Organization Control (SOC) 2 Type 2 audit. Read more about True Influence’s SOC 2 audit.
- In July, Aithent Inc., New York City, a cloud solutions company serving the banking, government, healthcare and insurance markets, completed the Statement on Standards for Attestation Engagements 18 (SSAE-18), SOC 2 Type 2 audit. Read more about Aithent’s SOC 2 audit.
- In July, SOC Prime, Washington, D.C., a cybersecurity analytics platform, successfully completed the SOC 2 Type I auditing process. Read more about SOC Prime’s SOC 2 audit here.
- In July, Quixy, Hyderabad, Telangana, India, a no-code process automation and app development platform, achieved SOC 2 Type 2 compliance in addition to ISO 27001 certification that it already holds. Read more about Quixy and SOC 2 here.
- In July, BiZZdesign, Enschede, Netherlands, an enterprise transformation software vendor, attained its SOC 2 – Type 2 attestation. Read more about BiZZdesign and SOC 2 here.
- In July, W Energy Software, Tulsa, Oklahoma, an upstream and midstream oil & gas ERP solutions firm, successfully completed a SOC 2 Type 2 audit for its Financial and Transaction Management Software System. Skoda Minotti conducted the audit. Read more about W Energy Software and SOC 2 here.
- In July, BackChecked LLC, Phoenix, Arizona, a background screening/Consumer Reporting Agencies SaaS tool firm, completed a SOC 2 Type 2 audit. Read more about BackChecked and SOC 2 here.
- In July, Botkeeper, Boston, Massachusetts, a cloud-based automated bookkeeping solution, completed a SOC 2 Type 1 compliance audit. Read more about Botkeeper and SOC 2 here.
- In July, Cymulate, New York City, a SaaS-based Breach and Attack Simulation (BAS) platform, achieved SOC 2 Type 2 compliance in addition to ISO 27001 certification, awarded December 2019. Read more about Cymulate and SOC 2 here.
- In July, SeamlessDocs, New York City, a provider of form automation and eSignature technology for governments, achieved SOC 2 Type 1 compliance, as well as full compliance with HIPAA. A-Lign conducted the SOC 2 audit. Read more about SeamlessDocs and SOC 2 here.
- In July, Even Financial, New York City, an API firm for financial services search, acquisition, and monetization, completed its SOC 2 Type 2 examination. Schneider Downs & Co. conducted the audit. Read more about Even Financial and SOC 2.
- In July, RecVue Inc., Palo Alto, California, an order-to-cash automation platform, completed its SOC 1 Type 2 and SOC 2 Type 2 examinations. Read more about RecVue and SOC 2 here.
- In July, Megaphone, Reston, Virginia, a podcast hosting and ad-insertion service for enterprises, completed its Service Organization Controls (SOC) 1 Type I and SOC 2 examinations with regard to its financial and information security management. Read more about Megaphone and SOC 2 here.
- In July, Longbow Advantage, Ann Arbor, Michigan, a supply chain software and data service firm, obtained its SOC 2 certification for the fourth year in a row. Read more about Longbow Advantage and SOC 2 here.
- In July, Proctortrack, New York City, an AI-powered online remote proctoring software provider, completed its SOC 2 Type 2 certification. Read more about Proctortrack’s SOC 2 certification here.
- In July, X20 Media, Montreal, Canada, a visual communication and real-time data visualization service provider, completed its SOC 2 Type 2 audit. Read more about X20 and SOC 2 here.
- In July, NowSecure, Chicago, Illinois, a mobile app security and privacy software company, achieved its SOC 2 Type 2 certification. Read more about NowSecure and SOC 2 here.
- In July, Dividend Finance, San Francisco, California, a fintech point-of-sale lender for home improvement and solar projects, completed its SOC 2 Type 2 accreditation. Read more about Dividend and SOC 2 here.
- In July, Brightleaf Solutions, Brookline, Massachusetts, a contract data extraction and analytics firm, completed its SOC 2 Type 1 audit. Learn more about Brightleaf and SOC 2 here.
FedRAMP Certification
The Federal Risk and Authorization Management Program (FedRAMP) is a government program that determines whether the cloud products and services offered by cloud service providers are secure enough to be used by federal agencies.
- In July, litigation and e-discovery platform Everlaw, Oakland, California, achieved a FedRAMP Moderate Authority to Operate, through its partnership with the Department of Justice. Read more about Everlaw’s FedRAMP certification.
- In July, Elastic, Mountain View, California, a company that helps people explore and analyze their data using search, achieved the Federal Risk and Authorization Management Program (FedRAMP) Moderate authorization. Read more about Elastic’s FedRAMP authorization.
- In July, Backstop Solutions Group, Chicago, Illinois, a cloud-based productivity suite for institutional and alternative investors, successfully completed System and Organization Controls (SOC) 2 Type II certification. Read more about Backstop’s SOC 2 audit.
- In July, Ivalua, Redwood City, California, a provider of global Spend Management Cloud solutions, achieved FedRAMP Ready status for moderate impact certification and is listed on the FedRAMP Marketplace. Read more about Ivalua here.
- In July, Snowflake, San Mateo, California, a cloud data platform, achieved FedRAMP Moderate Authorization to Operate (ATO) on both Amazon Web Services (AWS) US East cloud and Microsoft Azure Government cloud. Learn more about Snowflake and FedRAMP here.
- In July, Dynatrace, Waltham, Massachusetts, received its FedRAMP moderate impact level authorization, which is available for its federal customers via its new Dynatrace for Government offering. Read more about Dynatrace and FedRAMP here.
HIPAA Compliance
Compliance with the Federal Health Insurance Portability and Accountability Act (HIPAA) ensures that health care organizations protect the privacy, security, and integrity of protected health information.
- In July, IntelePeer, San Mateo, California, a Communications Platform as a Service (CPaaS) provider, announced Atmosphere CPaaS is now compliant with the Health Insurance Portability and Accountability Act (HIPAA). Read more about IntelePeer and HIPAA here.
- In July, ExtraHop, Seattle, a cloud-native network detection and response provider, announced independent validation of its HIPAA policies, procedures, and technology, conducted by the third-party assessor Coalfire. Read more about ExtraHop here.
- In July, StarLeaf, Watford, United Kingdom, a provider of voice and video conferencing systems, achieved HIPAA compliance. This achievement allows StarLeaf to enter into a Business Associate Agreement (BAA) with US healthcare organizations. Read more about StarLeaf and HIPAA here.
- In July, The 20, Plano, Texas, a business development group for Managed Service Providers (MSP), achieved compliance with HIPAA. Through the use of Compliancy Group’s proprietary HIPAA solution, The Guard™, The 20 can track its compliance program and has earned the Seal of Compliance™. Read more about The 20 and HIPAA here.
- In July, IMImobile, Boca Raton, Florida, a global cloud communications software and solutions provider, completed its HIPAA compliance assessment for its customer interaction management platform, IMIconnect. Read more about IMImobile and HIPAA here.