ZenGRC

Simply Powerful GRC

June 2020: Compliance Certification Roundup

· ·

Each month, ZenGRC highlights companies that have earned compliance certifications for information security frameworks. Here’s our June 2020 roundup of compliance news from around the United States, and around the world.

PCI Certification 

PCI certification and compliance are two different, but related, designations.
PCI certification is a more rigorous process. It involves an intensive audit performed by a Qualified Security Assessor (QSA).
PCI compliance means a company follows best practices to help protect Cardholder Data (CHD) following the guidelines set by the PCI Council.

  • In May, The Ajman Finance Department, Ajman, United Arab Emirates, earned its PCI DSS certification for its Ajman Pay platform from ValueMentor, a global cybersecurity certification provider. Ajman Pay is a digital payment platform. Read more.
  • In May, ZipLine, Portland, Maine, announced its compliance and affirmation with PCI DSS. ZipLine is a Level 1 PCI DSS service provider through its mobile and private label debit transactions in the convenience industry. Read more.

ISO Certification 

ISO standards concern many industries. The three primary ISO standards that help organize compliance for companies looking to create IT programs: IT, ISO 27001, ISO 31000, and ISO 9001.

  • In May, Ikeja Electric Plc, Ikeja, Lagos, Nigeria, earned ISO 9001:2015 (Quality Management System); ISO 14001:2015 (Environmental Management System) and the newly published ISO 45001:2018 (Occupational Health & Safety Management System), following an audit carried out in March 2020. Read more
  • In May, metal 3D printing company Elementum 3D, Erie, Colorado, earned its ISO 9001:2015 certification for quality management from certification firm Platinum Registration, Inc. Read more.
  • In May, Freedom CAD Services, Nashua, New Hampshire, earned its ISO 9001:2015 recertification. Combined with its ITAR and NIST 800-171 compliances, Freedom CAD can better serve the engineering services demands of the military and aerospace industries. Read more.
  • In May, VRG Components, Charlotte, North Carolina, earned its ISO 9001:2015 certification through auditing firm AudIT3. VRG is an independent distributor of electronic components. Read more.
  • In May, USA Fastener Group, Chicago, earned its API Spec Q1 certification from the American Petroleum Institute (API) for its business unit located in Houston. This means USAFG conforms with ISO 9001:2015. Read more.
  • In May, Oerlikon Metco, Pfäffikon, Switzerland, achieved its first ISO 9001:2015 certification of its Quality Management System for the equipment business line at the company’s Westbury, New York facility. Read more.
  • In May, LARS Communications, Carnforth, United Kingdom, earned recertification as an ISO 27001:2013 provider. Auditing firm ACM Limited approved LARS’ accreditation for its Information Security Management System (ISMS). Read more.
  • In May, 3DEO, Los Angeles, a metal 3D printing company, achieved ISO 9001:2015 for quality management systems. Read more.
  • In May, Regalix, Palo Alto, California, a sales and marketing platform, earned its ISO/IEC 27001:2013 compliance certification. The certification was conferred to Regalix’s Bangalore and Hyderabad centers by auditing firm DNV GL. Read more.
  • In May, mobile telecommunications company ZTE Corporation, Shenzhen, China, earned its ISO/IEC 27701:2019 certificate, which covers the provision of R&D and maintenance services of 5G NR and UME system from the British Standards Institution (BSI). Read more.
  • In May, Dickinson Wright, Detroit, Michigan received ISO/IEC 27701:2019 certification, becoming the first law firm based in Michigan and among the first law firms in the world to achieve the privacy management certification. Read more.
  • In May, Cognidox, Cambridge, United Kingdom, achieved ISO 9001 and ISO 27001 certifications for its document management solutions for the high-tech medical industry. Read more.
  • In May, Plataine, Petah Tikva, Israel, achieved its ISO 27001 certification. Plataine is a provider of IIoT and Artificial Intelligence (AI) solutions for advanced manufacturers. Read more.
  • In May, Badger Meter, Milwaukee, Wisconsin earned its ISO 27001 recertification and successfully conducted a SOC 2 Type 2 examination of its Information Security Management System (ISMS). The company manufactures flow measurement and control technology products. Schellman & Co., LLC, conducted the audits. Read more.
  • In May, Konica Minolta Business Solutions Europe, Langenhagen, Germany, earned its ISO 27001 certification. KPMG conducted the audit. The certification covers the Customer Service Remote Care (CSRC) and the printing fleet, and supporting IT infrastructure at Konica Minolta. Read more.
  • In May, Mission Essential, Herndon, Virginia, announced it earned its ISO 9001: 2015 certification. Missions Essential is a defense contractor that provides services including cultural advisory services, intelligence analysis, and operations support. Read more.
  • In May, logistics firm DB Schenker, Essen, Germany, announced all branches of DB Schenker in the Middle East and Africa are ISO certified. The certification integrates ISO 9001:2015, ISO 14001:2015, and ISO 45001:2018 management system standards in 33 locations across ten different countries in the region. Read more.
  • In May, Identiv, Fremont, California, was awarded its ISO 9001:2015 and ISO 14001:2015 certification. Identiv makes physical security and RFID-enabled access applications. Read more.
  • In May, CRMIT Solutions, Bangalore, India, announced it earned its ISO/IEC 27001:2013 certification. The company offers digital transformation expertise focused on field automation and augmented intelligence. Read more.

SOC 2 Certification

SOC 2 concerns all organizations and enterprises providing services that process and store customer data. SOC 2 reports are based on five Trust Services Criteria: security, availability, confidentiality, processing integrity, and privacy.

  • In May, Sourcetoad, Tampa, Florida, completed its 2019 SOC 2 Type 2 examination, as well as its 2019 HIPAA Security Compliance Assessment. The company builds software for cruise lines. Third-party firm 360 Advanced completed the audits. Read more.
  • In May, Massive Bio, New York, achieved Type 1 SOC 2 compliance for its digital health platforms. Massive Bio offers an AI-driven platform that connects cancer patients and their oncologists to biopharmaceutical clinical trials. Control Logics performed the audit. Read more.
  • In May, BetterNight, San Diego, California achieved SOC 2 certification under Risk Advisory Services. BetterNight is a virtual-care sleep solution. Read more.
  • In May, FreshAddress, Newton, Massachusetts, an email marketing database services company, passed its 2020 SOC 2 Type 1 audit. Read more.
  • In May, Hostirian, St. Louis, successfully completed its SOC 2 Type 2 audit for its Colocation Data Center System. Advisory firm Skoda Minotti conducted the audit. Read more.
  • In May, Fabasoft, Linz, Austria, completed its SOC 2 Type 1 certification for its Fabasoft Cloud. KPMG issued the audit report. Fabasoft is a cloud services provider in Europe. Read more.
  • In May, Cleo, Rockford, Illinois, completed its annual Soc 2 Type 2 compliance certification. Cleo provides cloud-based ecosystem integration solutions. Read more.
  • In May, health care cybersecurity firm CyberMaxx, Nashville, Tennessee, received the SOC 2 Type 2 Certification for its managed cybersecurity services by Insyte CPAs, LLC, an independent auditor. Read more.
  • In May, Engage Technologies, Brooklyn Park, Minnesota, achieved its ISO 9001:2015 certification for Quality Management Systems. Engage Technologies is a parent company to Squid Ink, Eastey, AFM, and Cogent Technologies, which make coding and marking systems, shrink packaging equipment, shrink sleeve labeling machines, and infrared ink drying systems, respectively. Read more
  • In May, Alliant National Title Insurance Co., Longmont, Colorado, completed its second-year surveillance audit and maintenance of its ISO 27001 certification for 2020. Read more.

FedRAMP Certification

The Federal Risk and Authorization Management Program (FedRAMP), is a government program that determines if the cloud products and services offered by cloud service providers are secure enough to be used by federal agencies. 

  • In May, Nutanix, San Jose, California, announced that its Xi Government Cloud has achieved the FedRAMP Authorized designation at the Moderate security impact level. Xi Cloud and Xi Frame comprise a secure app deployment platform for U.S. government customers. Read more.
  • In May, BlackBerry Limited, Waterloo, Ontario, announced that its BlackBerry® Government Mobility Suite has achieved FedRAMP authorization. BlackBerry’s Government Mobility Suite, a cloud-based endpoint management solution developed specifically for U.S. government agencies, protects sensitive data. Read more.
  • In May, Zscaler, Inc., San Jose, California, achieved FedRAMP High Authority to Operate from the FedRAMP Joint Authorization Board (JAB). Zscaler is a zero-trust remote access service. This cloud security certification lets Zscaler Private Access meet the requirements of civilian, DoD and intelligence organizations. Read more.
  • In May, U.S. government services provider Perspecta, Tysons Corner, Virginia, earned recertification as a third-party assessment organization (3PAO) under FedRAMP. Perspecta is one of fewer than 40 accredited assessors in the U.S. with this capability. Read more.
  • In May, HackerOne, San Francisco, California became the first hacker-powered security platform to earn FedRAMP Tailored Low Impact-Software as a Service (LI-SaaS) Authorization for its suite of hacker-powered security solutions. Read more.

HIPAA Compliance

Compliance with the Federal Health Insurance Portability and Accountability Act (HIPAA) ensures health care organizations protect the privacy, security, and integrity of protected health information.

  • In May, Global Upside, San Jose, California, announced that it now complies with HIPAA. Global Upside provides accounting, human resources, payroll, PEO, and talent acquisition services. Read more.
  • In May, Yoti, London, England announced it completed a HIPAA compliance readiness assessment. Yoti is an app that lets people prove their age and identity to businesses, verify details of people online, and log in to websites without having to remember passwords. Read more.
  • In May, Sigma Computing, San Francisco, California completed a HIPAA attestation, and has obtained SOC1 Type 2, SOC 3, and Privacy Shield (EU-US and Swiss-US) compliance. Sigma Computing provides SaaS cloud-native analytics and business intelligence. Read more.