The ISO 27001 standard helps organizations keep information assets secure. Using this family of standards helps us manage the security of assets such as financial information, intellectual property, employee details, and information entrusted to us by third parties. An independent body has audited our compliance with this standard and issued our ISO 27001 certificate, which requires annual audits to maintain.
ISO 27017 is a code of practice for information security controls for cloud services, complementing ISO 27001.
ISO 27018 is a standard specializing in personal data protection in the cloud, complementing ISO 27001.
A SOC 2 Type 2 report is an internal controls report capturing how a company safeguards customer data and how well those controls are operating. Companies that use cloud service providers use SOC 2 reports to assess and address the risks associated with third-party technology services. These reports are issued by independent third-party auditors and cover the principles of Security, Availability, Confidentiality, and Privacy.
Cyber Essentials is a simple but effective scheme, backed by the United Kingdom National Cyber Security Centre (NCSC), for protecting an organization, whatever its size, against a whole range of the most common cyber attacks. Cyber Essentials certification has become a requirement for bidding on commercial and government contracts in the UK.
This certification allows us to demonstrate our level of cyber security for a realistic cost and indicates that we are taking good steps to properly protect our customers' information. The IASME Governance assessment includes a Cyber Essentials assessment and GDPR requirements and is available either as a self-assessment or on-site audit.
GDPR is a regulation that harmonizes national data privacy laws throughout the EU and enhances the protection of all EU residents with respect to their personal data. This harmonization creates new rights for individuals and a set of stronger and clearer rules for businesses.
HIPAA comes with a series of regulatory standards that outline the lawful use and disclosure of protected (aka personal) health information (PHI). HIPAA compliance is regulated and enforced by the US government.
We take security seriously at Process Fusion. As part of our ongoing commitment to provide a best-in-class cloud service, we leverage independent third parties to help us strengthen our security. If you think you have discovered a security vulnerability, we appreciate your help in disclosing it to us in a responsible manner.