December 2020: Compliance Certification Roundup

Each month, ZenGRC highlights companies that have earned compliance certifications for information security frameworks.

Here’s our December 2020 roundup of recent compliance certification news from around the United States and the world.

PCI Certification 

PCI certification and compliance are two different, but related, designations.
PCI certification is a more rigorous process. It involves an intensive audit performed by a Qualified Security Assessor (QSA).
PCI compliance means a company follows best practices to help protect Cardholder Data (CHD) following the guidelines set by the PCI Council.

• In November, Dutch-Bangla Bank Limited, Dhaka, Bangladesh, earned its PCI DSS certification for its IT infrastructure. Dutch-Bangla Bank Limited is a scheduled joint venture private commercial bank. Read more about Dutch-Bangla Bank Limited’s certification.
• In November, Ricoh USA, Inc., Exton, Pennsylvania, earned its PCI DSS certification for its inbound services. Ricoh USA, Inc. creates services that help ingest and manage an organization’s information. Read more about Ricoh USA, Inc.’s certification.
• In November, Chargeback Gurus, McKinney, Texas, earned its PCI DSS certification for its ecommerce services. Chargeback Gurus is a chargeback management and fraud prevention services provider. Read more about Chargeback Gurus’ certification.
• In November, ESICIA LTD, Kigali, Rwanda, earned its PCI DSS certification for its KPAY platform. ESICIA LTD is a software development company specializing in system integration. Read more about ESCIA LTD’s certification.

ISO Certification 

ISO standards concern many industries. The three primary ISO standards that help organize compliance for companies looking to create IT programs: IT, ISO 27001, ISO 31000, and ISO 9001.

• In November, LightDeck Diagnostics, Boulder, Colorado, earned its ISO 13485:2016 certification for its in vitro product suite. LightDeck Diagnostics is a lab testing provider. Read more about LightDeck Diagnostics’ certification.
• In November, the North Police Station, Kohima, Nagaland, India, earned its ISO certification for its quality management system. The North Police Station is a police station and government office. Learn more about the North Police Station’s certification.
• In November, RingCentral, Inc., Belmont, California, earned its ISO 27001, ISO 27017, and ISO 27018 certifications for its unified communication solution, RingCentral Office. RingCentral, Inc. is a global enterprise cloud communications provider. Learn more about RingCentral, Inc.’s certifications.
• In November, Asia Satellite Telecommunications Company (AsiaSat), Hong Kong, earned its ISO/IEC 27001:2013 certification for its hosting service. AsiaSat is a commercial operator of communication spacecraft. Learn more about AsiaSat’s certification.
• In November, the Nigerian Stock Exchange (NSE), Lagos, Nigeria, re-certified its ISO 27001:2013 certification for its Information Security Management System (ISMS). NSE is a stock exchange. Learn more about the NSE’s certification.
• In November, ActiveNav, Reston, Virginia, earned its ISO 27001 certification for its DMaaS (Data Mapping as a Service) service. ActiveNav is a data privacy and governance software provider. Learn more about ActiveNav’s certification.
• In November, Azercell, Baku, Azerbaijan, earned its ISO 37001:2016 certification for its digital solutions. Azercell is a mobile telecommunications company serving Azerbaijan. Learn more about Azercell’s certification. 
• In November, Termotecnica Pericoli, Albenga SV, Italy, earned its ISO 9001 certification for its products and services. Termotecnica Pericoli is a HVAC product supplier specializing in agricultural, livestock, and industrial settings. Learn more about Termotecnica Pericoli’s certification.
• In November, Litro Gas, Colombo, Sri Lanka, earned its ISO 45001:2018 certification for its Health, Safety, and Environment (HSE) management system. Litro Gas is a gas cylinder and LP gas supplier/distributor. Learn more about Litro Gas’s certification.
• In November, Green Commute Initiative (GCI), London, England, earned its ISO 27001 certification for its cycle to work scheme. Green Commute Initiative is a social enterprise providing cost-effective and flexible bike purchase solutions. Learn more about Green Commute Initiative’s certification.
• In November, Yggdrasil Gaming, Sliema, Malta, earned its ISO 27001 certification for its online games. Yggdrasil Gaming is a mobile casino games provider. Learn more about Yggdrasil Gaming’s certification.
• In November, Roca Networks, Ontario, Canada, earned its ISO 27001 certification for its cybersecurity products and services. Roca Networks is an information technology service provider. Learn more about Roca Networks’ certification.
• In November, Hypnos, Princes Risborough, England, earned its ISO 9001 certification for its products. Hypnos is a bed and mattress manufacturer. Learn more about Hypnos’ certification. 

SOC 2 Certification

SOC 2 concerns all organizations and enterprises providing services that process and store customer data. SOC 2 reports are based on five Trust Services Criteria: security, availability, confidentiality, processing integrity, and privacy.

• In November, Kitu Systems, San Diego, California, earned its SOC 2 Type 2 certification for its Azimuth software platform. Kitu Systems is a software provider for DER Coordination solutions and EV charging devices. Read more about Kitu Systems’ certification.
• In November, Datacoral, San Francisco, California, earned its SOC 2 Type 1 certification for its data integration platform. Datacoral is a secure end-to-end data infrastructure provider. Read more about Datacoral’s certification.
• In November, SimplyAgree, Nashville, Tennessee, earned its SOC 2 Type 2 certification for its closing management tool of the same name. SimplyAgree is a provider of technology for transactional attorneys. Read more about SimplyAgree’s certification.
• In November, InfraWare, Terre Haute, Indiana, earned its SOC 2 Type 1 certification for its ecosystem of services. InfraWare is a tech-enabled services company that helps professionals automate their documentation processes. Read more about InfraWare’s certification.
• In November, Orion Innovation, Edison, New Jersey, earned its SOC 2 Type 2 certification for its business solutions. Orion Innovation is a global business and tech firm providing digital strategy, experience design, and engineering services. Read more about Orion Innovation’s certification.
• In November, CentralReach, Fort Lauderdale, Florida, earned its SOC 2 certification for its EMR software and ABA services. CentralReach is a solutions provider for clinicians and educators that specialize in autism. Learn more about CentralReach’s certification.
• In November, Andesa Services, Allentown, Pennsylvania, earned its SOC 2 Type 2 certification for its cloud services. Andesa Services is a Policy Administration, Plan Administration and Third-Party Administration solutions provider. Read more about Andesa Services’ certification.
• In November, env0, Sunnyvale, California, earned its SOC 2 Type 2 certification for its SaaS platform. Env0 is an Infrastructure as Code service provider. Read more about env0’s certification. 
• In November, project44, Chicago, Illinois, earned its SOC 2 Type 2 certification for its security program. Project44 is a supply chain visibility provider. Read more about project44’s certification.

FedRAMP Certification

The Federal Risk and Authorization Management Program (FedRAMP), is a government program that determines if the cloud products and services offered by cloud service providers are secure enough to be used by federal agencies. 

• In November, Oracle, Redwood City, California, earned its FedRAMP certification for its cloud-based common data environment tool. Oracle is a data management system provider. Read more about Oracle’s certification.
• In November, VMware, Palo Alto, California, earned its FedRAMP certification for its RelativityOne Government service. VMWare is a global provider of legal and compliance technology services. Read more about VMware’s certification.

HIPAA Compliance

Compliance with the Federal Health Insurance Portability and Accountability Act (HIPAA) ensures that health care organizations protect the privacy, security, and integrity of protected health information.

• In November, springbig, Boca Raton, Florida, earned its HIPAA Compliance certification for its CRM and marketing technologies. Springbig is a cannabis CRM and loyalty marketing technologies provider. Read more about springbig’s certification.