Compliance Certifications

SOC II Type 2

SOCII Type 2 certification is a validation of an organization’s compliance with the Service Organization Control (SOC) 2 framework. The SOC 2 framework is designed to measure how well an organization safeguards user data and privacy, and consists of five trust service categories – security, availability, processing integrity, confidentiality, and privacy. The SOCII Type 2 certification process involves an independent auditor conducting an in-depth assessment of an organization’s internal controls related to these categories, and issuing a report that describes the effectiveness of the controls in place.

Section 508

Section 508 accessibility compliance is a validation of an organization’s adherence to federal accessibility standards established by the U.S. Access Board and incorporated into the Federal Acquisition Regulation (FAR). These standards are designed to ensure that electronic and information technology can be used by individuals with disabilities. The Section 508 compliance process involves reviewing a product’s conformance with the Revised 508 Standards, supported by a Voluntary Product Accessibility Template (VPAT) that outlines how the product meets each requirement. IVM products are fully compliant, and the applicable VPATs provided reflect the accessibility controls and features in place.

PCI DSS

PCI DSS (Payment Card Industry Data Security Standard) is a globally recognized security standard that is designed to ensure that all companies that accept, transmit, or store credit card information maintain a secure environment. The standard encompasses a range of requirements, such as implementing access controls, regular system vulnerability assessments, maintaining secure systems and applications, and monitoring and testing networks on a regular basis. PCI DSS requires companies to provide evidence of compliance through audits performed by Qualified Security Assessors (QSAs) on an annual basis, and the certification is required for any business that handles payment card data.

ISO 27001

ISO 27001 is a certification that verifies that an organization’s information security management system (ISMS) meets international standards for information security. The ISO 27001 standard is designed to ensure that an organization has established and implemented an information security framework that is appropriately tailored to its specific needs and risk profile. This includes implementing policies and procedures for the handling of sensitive information, ensuring the confidentiality, integrity and availability of information, regularly assessing risks and vulnerabilities, providing security awareness training to employees and constantly monitoring and improving the security controls in place.

CMMC Level 1

Cybersecurity Maturity Model Certification (CMMC) Level 1 is a validation of an organization’s adherence to foundational cyber hygiene practices required for safeguarding Federal Contract Information (FCI). CMMC Level 1 focuses on the implementation of basic security controls designed to protect FCI from unauthorized access or disclosure. The certification process involves an independent assessment of these practices, resulting in a report that confirms the effectiveness of the controls in place.