Phished

Overview

At Phished, we're deeply committed to maintaining robust and comprehensive security measures. We believe that keeping our systems, and by extension your data, secure is of paramount importance. We don't just comply with the industry standard for data protection, we strive to exceed it.

This Security Page provides an overview of our stringent internal security program. It gives you an insight into our dedication to consistently uphold the highest levels of data security. On this page, you can request access to our audit reports and security policies for a detailed review.

If you have any questions about our security program, please review our Security Overview which is available below.

Compliance

SOC II

SOC2, or Service Organization Control 2, is a standard developed by the American Institute of CPAs (AICPA). It's designed to assure that service providers manage and secure customer data to protect its privacy and confidentiality. The SOC2 reports focus on five trust service principles: security, availability, processing integrity, confidentiality, and privacy.

ISO 27001

ISO27001 is an international standard issued by the International Organization for Standardization (ISO) that provides a framework for information security management systems (ISMS). It helps organizations manage and protect their information assets by addressing people, processes, and technology. The standard encompasses risk management processes, policies, and audits, and ensures the confidentiality, integrity, and availability of information.

Certified: Until September 2027

GDPR

The General Data Protection Regulation (GDPR) is a regulation enacted by the European Union (EU) to protect the privacy and personal data of its citizens. It applies to all EU member states and any organizations worldwide that process personal data of EU citizens. The regulation emphasizes transparency, security and accountability by data controllers, while giving individuals greater control over their personal data, including rights to access, correct, delete, and transfer their information.

NIS2 Directive

The NIS2 Directive establishes a unified legal framework to uphold cybersecurity in 18 critical sectors across the EU. It also calls on Member States to define national cybersecurity strategies and to collaborate with the EU on cross-border response and enforcement.

Cloud Security

The Security, Trust, Assurance, and Risk (STAR) Registry is a publicly accessible registry that documents the security and privacy controls provided by popular cloud computing offerings. STAR encompasses the key principles of transparency, rigorous auditing, and harmonization of standards outlined in the Cloud Controls Matrix (CCM). Publishing to the registry allows organizations to show current and potential customers their security and compliance posture, including the regulations, standards, and frameworks they adhere to. It ultimately reduces complexity and helps alleviate the need to fill out multiple customer questionnaires.

Cyber Essentials

Cyber Essentials is a UK government-backed scheme that helps businesses protect themselves against the most common cyber threats. It's a self-assessment certification that focuses on five key areas: firewalls, secure configuration, access control, malware protection, and patch management.

Certified: March 2024

NIST Framework

The NIST Cybersecurity Framework is a set of guidelines and best practices developed by the National Institute of Standards and Technology (NIST) to help organizations manage and reduce cybersecurity risks. It provides a flexible approach to cybersecurity that can be tailored to the specific needs of different organizations, regardless of their size or industry. The framework consists of five core functions: Identify, Protect, Detect, Respond, and Recover.

DORA

DORA sets uniform requirements for the security of network and information systems of companies and organisations operating in the financial sector as well as critical third parties which provide ICT (Information Communication Technologies)-related services to them, such as cloud platforms or data analytics services.

Company

Risk profile

Data access level: Restricted
Impact: Severe
Recovery time objective: < 4 hours

Legal

Cyber insurance
Data Processing Agreement

Corporate Security

Security awareness
Incident Response
Role-based access control

Policies

Information Security Policy
Access Control Policy
Asset Management Policy

Endpoint Security

Disk Encryption
Endpoint Detection & Response
Mobile Device Management

Security overview

Product

Security

Industry-grade encryption (in transit and at rest)
Audit logging
SSO (SAMLv2) compatible

Infrastructure

Google Cloud Platform
Validated disaster recovery plan
Enterprise-grade Web Application Firewall (WAF)

Access control

Role-based access control
Multi-factor authentication
Password security

If you think you may have discovered a vulnerability, please send us a note.

Report issue