Prophix maintains a comprehensive set of compliance certifications to continually validate the level of trust in its solutions
We have undergone external audits designed to thoroughly test our systems and internal controls. Prophix has achieved several key industry and globally recognized certifications and have designed our internal controls against ISO 27001:2013 standards.
ISO/IEC 27001 is a globally recognized standard and code of practices to ensure proper implementation of an Information Security Management System (ISMS). The standard provides a comprehensive framework for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving a documented ISMS within the context of the organization’s overall business risks. An ISMS is a systematic approach to managing sensitive company information so that it remains secure and encompasses people, processes, and systems by applying a risk management process. Download the Prophix Cloud Services IS0/IEC 27001:2013 certificate
The American Institute of Certified Public Accountants (AICPA) Service Organization Controls (SOC) reports give assurance over control environments as they relate to the retrieval, storage, processing, and transfer of data. The reports cover IT General controls and controls around availability, confidentiality, and security of customer data and are issued for 6-month periods each year.
The SOC 2 report covers controls around security, availability, processing integrity, and confidentiality of customer data.
The International Standards for Assurance Engagements (ISAE) No. 3402, Assurance Reports on Controls at a Service Organization provides an international standard for assurance over the controls at a service organization that are likely to impact or be a part of the user organization’s system of internal control over financial reporting.
The Cloud Security Alliance (CSA) Security, Trust and Assurance Registry (STAR) encompasses the key principles of transparency , rigorous auditing, harmonization of standards, with continuous monitoring. STAR consists of three levels of assurance, which currently cover four unique offerings all based upon a succinct yet comprehensive list of cloud-centric control objectives in the CSA’s Cloud Controls Matrix (CCM). CCM is the only meta-framework of cloud-specific security controls, mapped to leading standards, best practices and regulations. CCM provides organizations with the needed structure, detail and clarity relating to information security tailored to cloud computing.
Skyhigh Enterprise-Ready cloud services fully satisfy the most stringent requirements for data protection, identity verification, service security, business practices, and legal protection.