Frameworks We Implement and Manage

The purpose of SOC 2 compliance is to obtain proof that a company is storing and processing customer data in a secure manner.

ISO, also known as “ISO/IEC 27001” is responsible for information technology, security techniques, information security management systems, and requirements. It is the leading international standard focused on information security.

ISO/IEC 42001 is an international standard that specifies requirements for implementing, maintaining, and continually improving an Artificial Intelligence Management System (AIMS) within organizations.

PCI stands for the Payment Card Industry. It is a set of requirements intended to ensure that all companies that process, store, or transmit credit card information maintain a secure environment.

The Federal Risk and Authorization Management Program (FedRAMP) is a United States government program designed to provide a standardized approach to managing information security.

The GDPR is a relatively new set of rules designed to give EU citizens more control over their personal data. Its goal is to simplify the regulatory environment for business so citizens and businesses in the EU can maximize the benefit from the growing digital economy

CCPA is the California Consumer Privacy Act which is a state statute intended to enhance privacy rights and consumer protection for residents of California, United States.

HIPPA is the Health Insurance Portability and Accountability Act which was passed by Congress in 1996.

HITRUST CSF is a compliance framework created by HITRUST combining various cyber security frameworks such as NIST 800-53, ISO 27001, HIPAA, PCI and more.

NIST, or the National Institute of Standards and Technology, is responsible for creating frameworks and standards that promote information security and risk management. Widely considered the gold standard of cybersecurity across many industries, NIST guidelines help organizations protect sensitive data, manage risks, and meet regulatory requirements.