Prophix maintains a comprehensive set of compliance certifications to continually validate the level of trust in its solutions.
We have undergone external audits designed to thoroughly test our systems and internal controls. Prophix has achieved several key industry and globally recognized certifications and has designed its internal controls against ISO 27001:2013 standards.
ISO/IEC 27001 is a globally recognized standard and code of practices to ensure proper implementation of an Information Security Management System (ISMS). The standard provides a comprehensive framework for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving a documented ISMS within the context of the organization’s overall business risks. An ISMS is a systematic approach to managing sensitive company information so that it remains secure and encompasses people, processes, and systems by applying a risk management process.
The American Institute of Certified Public Accountants (AICPA) Service Organization Controls (SOC) reports give assurance over control environments as they relate to the retrieval, storage, processing, and transfer of data. The reports cover IT general controls and controls around availability, confidentiality, and security of customer data and are issued for 6-month periods each year.
The SOC 2 report covers controls around security, availability, processing integrity, and confidentiality of customer data.
The SOC 3 report summarizes the same information found in the SOC 2 report but is intended for a general audience and does not go into the same level of detail. Download the Prophix SOC 3 Report
The International Standards for Assurance Engagements (ISAE) No. 3402, Assurance Reports on Controls at a Service Organization, provides an international standard for assurance over the controls at a service organization that are likely to impact or be a part of the user organization’s system of internal control over financial reporting.
The Cloud Security Alliance (CSA) Security, Trust and Assurance Registry (STAR) encompasses the key principles of transparency, rigorous auditing, and harmonization of standards, with continuous monitoring. STAR consists of three levels of assurance, which currently cover four unique offerings all based upon a succinct yet comprehensive list of cloud-centric control objectives in the CSA’s Cloud Controls Matrix (CCM). CCM is the only meta-framework of cloud-specific security controls, mapped to leading standards, best practices and regulations. CCM provides organizations with the needed structure, detail and clarity relating to information security tailored to cloud computing.
Skyhigh Enterprise-Ready cloud services fully satisfy the most stringent requirements for data protection, identity verification, service security, business practices, and legal protection.
TRUSTe LLC (TRUSTe), a subsidiary of TrustArc, offers a set of privacy assurance programs that enable organizations that collect or process personal information to demonstrate responsible practices consistent with regulatory expectations and standards for privacy accountability. The programs are developed using both the TrustArc Privacy & Data Governance Accountability Framework standards and the unique regulatory requirements on which a program is based.
The Enterprise Privacy Certification Standards align with the standards set forth in the TrustArc Privacy & Data Governance Framework. The framework enables organizations to design and engineer adequate privacy controls into organizational processes, products and technologies. Download the Prophix TRUSTe Certification Letter of Attestation