Each month, ZenGRC highlights companies that have earned compliance certifications for information security frameworks.
Here’s our November 2020 roundup of recent compliance news from around the United States and the world.
PCI Certification
PCI certification and compliance are two different, but related, designations.
PCI certification is a more rigorous process. It involves an intensive audit performed by a Qualified Security Assessor (QSA).
PCI compliance means a company follows best practices to help protect Cardholder Data (CHD) following the guidelines set by the PCI Council.
- In October, Teraco, Johannesburg, South Africa, a vendor-neutral data center, completed its International Standard on Assurance Engagements ISAE 3402 Type 1 attestation for the trust principles of security and availability. These new credentials supplement Teraco’s existing PCI DSS certification for physical security across its data centers in South Africa. Read more about Teraco’s certification here.
- In October, Aiven, Helsinki, Finland, a tech company that combines open-source technologies with cloud infrastructure, completed its PCI DSS compliance requirements. Read more about Aiven’s certification here.
- In October, BCS, Addison, Texas, a data center operations provider, successfully completed its SOC 2 Type 2 report and PCI DSS assessment. Read more about BCS’s certifications here.
- In October, Baiduri Bank, Bandar Seri Begawan, Brunei, earned its PCI-DSS V3.2.1 for the seventh consecutive year. Read more about Baiduri Bank’s latest certification here.
- In October, Dialog Axiata PLC, Colombo, Sri Lanka, a telecommunications service provider, earned its PCI DSS Version 3.2.1 for the fourth consecutive year for its mobile payment platform Genie. Read more about Dialog Axiata PLC’s latest certification.
ISO Certification
ISO standards concern many industries. The three primary ISO standards that help organize compliance for companies looking to create IT programs are ISO 27001, ISO 31000, and ISO 9001.
- In October, Doha Bank, Doha, Qatar, earned a continuation of the ISO 20000 certification for its compliance to global standards for IT Service Management. Read more about Doha Bank’s recertification.
- In October, Central Warehousing Corporation, New Delhi, India, a government-owned warehouse storage and handling service provider, earned its ISO 37001:2016 certification for establishing, implementing, and maintaining an Anti-Bribery Management System in the organization. Read more about Central Warehousing Corporation’s certification.
- In October, Yggdrasil Gaming, Stockholm, Sweden, the worldwide publisher of online gaming content, earned an ISO/IEC 27001 certification, proving its commitment to information security standards. Read more about Yggdrasil Gaming’s certification.
- In October, Geotab, Toronto, Canada, a global leader in IoT and connected transportation, earned its ISO 27001 certification, confirming the integrity of its Information Security Management System (ISMS). Learn more about Geotab’s certification.
- In October, Veelo Technologies, Cincinnati, Ohio, which develops specialty materials and manufacturing technologies for next-generation composite systems, earned its AS9100D certification for its quality management system. Read more about Veelo’s certification.
- In October, MyHotels, Makkah, Saudi Arabia, an online travel agency, received the ISO 9001:2015 certification for its quality management system in travel and tourism. Learn more about MyHotels’ certification.
- In October, Red Mesa Science & Refining, LLC, St. George, Utah, a large-scale hemp extraction, distillation, and crystallization company, received ISO 9001:2015 certification. Read more about Red Mesa Science & Refining’s certification.
SOC 2 Certification
SOC 2 concerns all organizations and enterprises providing services that process and store customer data. SOC 2 reports are based on five Trust Services Criteria: security, availability, confidentiality, processing integrity, and privacy.
- In October, Johnson & Quin, Niles, Illinois, a direct mail production and integrated marketing company, announced the successful completion of the SOC 2 Type 2 examination and HIPAA security compliance assessment. Learn more about Johnson & Quin’s SOC 2 certification.
- In October, TriageNow, Gilbert, Arizona, a telephonic nurse triage service, earned its SOC 2 compliance for storing customer data in the cloud. Learn more about TriageNow’s certification.
- In October, Engage3, Davis, California, a software company that helps retailers and brands understand, protect and enhance their Price Image, earned its SOC 2 Type 2 certification for its services. Read more about Engage3’s certification.
- In October, Lessonly, Indianapolis, Indiana, an online training software company, earned its SOC 2 Type 2 certification for managing customer data securely. Read more about Lessonly’s certification.
- In October, HSB, Hartford, Connecticut, a technology subsidiary that creates connected IoT solutions, received SOC 2 Type 1 certification for its commercial IoT platform Meshify’s data security controls. Read more about HSB’s certification.
- In October, Kahua, Alpharetta, Georgia, a web-based project and construction management software platform, earned its SOC 2 Type 2 certification for its cloud service systems. Read more about Kahua’s certification.
- In October, Sisense, New York City, New York, an analytics platform for builders, earned its SOC 2 Type 2 certification for its Cloud Managed Service as well as security recertification of several other compliance standards, including ISO 27001, and HIPAA-HITECH and SOC 2 Type 2 for its Sisense for Cloud Data Teams. Learn more about Sisense’s certifications.
- In October, Panther Labs, Fremont, California, a cybersecurity organization that specializes in cloud-scale detection and response, earned its SOC 2 Type 2 certification. Learn more about Panther Labs’ certification.
- In October, Zipwhip, Seattle, Washington, a mobile phone operator company that specializes in texting for business, earned its SOC 2 and SOC 3 Type 2 certifications for security, availability, processing integrity, confidentiality and privacy. Learn more about Zipwhip’s certification.
- In October, XM Cyber, Herzliya, Israel, an advanced cyber risk analytics and cloud security posture management company, earned its SOC 2 Type 2 recertification. Read more about XM Cyber’s certification.
- In October, Saturn Cloud, New York City, New York, a data science platform for performance Python in the cloud, earned its SOC 2 Type 1 certification. Read more about Saturn Cloud’s certification.
FedRAMP Certification
The Federal Risk and Authorization Management Program (FedRAMP) is a government program that determines if the cloud products and services offered by cloud service providers are secure enough to be used by federal agencies.
- In October, Smartronix, Hollywood, Maryland, an IT service management company, earned its FedRAMP certification for its Cloud Assured Managed Services (CAMS) to support state-of-the-art private, public, and hybrid cloud solutions for highly regulated workloads. Read more about Smartronix’s certification.
- In October, Oracle Cloud Infrastructure, Redwood City, California, a cloud computing service offered by Oracle Corporation providing servers, storage, network, applications and services through a global network of Oracle Corporation managed data centers, has obtained a Provisional Authority to Operate (P-ATO) from the FedRAMP Joint Authorization Board (JAB). Read more about Oracle’s certification.
- In October, ControlCase, Fairfax, Virginia, a provider of IT Security Certifications and Continuous Compliance Services, earned a FedRAMP Third Party Assessment Organization (3PAO) certification for its strategic information security and compliance programs. Read more about ControlCase’s certification.
- In October, Kahua, Alpharetta, Georgia, a web-based project and construction management software platform, achieved FedRAMP Ready Status for its Construction Program Management Solution. Learn more about Kahua’s certification.
- In October, SentinelOne, Mountain View, California, an autonomous cybersecurity platform company, achieved the FedRAMP designation for its information security work for the federal government. Read more about SentinelOne’s certification.
- In October, Atlassian, San Francisco, California, a provider of team collaboration and productivity software, achieved FedRAMP Tailored Authorization for its cloud-based work management solution, Trello Enterprise. Read more about Atlassian’s certification.
- In October, Aruba Central, Santa Clara, California, a wireless networking subsidiary of Hewlett Packard Enterprise, announced its FedRAMP “In Process” designation. Read more about Aruba Central’s designation.
- In October, Acuant, Los Angeles, California, an identity verification, document authentication and fraud prevention technology services provider, received a FedRAMP Moderate Provisional Authority to Operate (P-ATO) for its AssureID Connect, Ozone document recognition, and FaceID facial recognition services (COFRS). Read more about Acuant’s designation.
HIPAA Compliance
Compliance with the Federal Health Insurance Portability and Accountability Act (HIPAA) ensures that health care organizations protect the privacy, security, and integrity of protected health information.
- In October, Jahia Solutions Group, Geneva, Switzerland, an open-source content management company, announced it attained HIPAA compliance. Read more about Jahia’s HIPAA certification.
- In October, NYNJA, Lavallette, New Jersey, a security-first, all-in-one communications platform for mission-critical telecommunications needs, is finishing its P.L. 2020, c. 34 SOC 2 and HIPAA third-party compliance audit to complete its SOC 2 certification. Read more about NYNJA’s compliance.
- In October, WheelHouse IT, Fort Lauderdale, Florida, an IT support and Managed IT Services Provider (MSP), earned its HIPAA compliance for its work managing IT for the healthcare industry. Read more about WheelHouse IT’s compliance.