As more and more everyday business processes and standards are digitally transformed, the need to defend against cyber threats increases. As a result, compliance regulations and standards have been developed to create security, consistency, and governance.

For businesses and government agencies around the world, complying with evolving, often overlapping regulatory security standards and policies is both critical and difficult. Digital.ai enables organizations to meet the leading industry and compliance standards.

Here are the internationally recognized standards and certifications Digital.ai has attained.

ISO 27001

ISO/IEC 27701:2019

Continuous Testing

Digital.ai is certified to ISO/IEC 27701:2019, the privacy extension to ISO/IEC 27001, the international standard for information security management systems (ISMS). ISO/IEC 27701 specifies requirements and provides guidance for establishing, implementing, maintaining and continually improving a Privacy Information Management System (PIMS), in the form of an extension to ISO/IEC 27001 and ISO/IEC 27002, for privacy management within the context of the organization.

The standard specifies PIMS-related requirements and provides guidance for PII controllers and PII processors that hold responsibility and accountability for PII processing.

This certification is applicable to all types and sizes of organizations, including public and private companies, government entities and not-for-profit organizations, which are PII controllers and/or PII processors processing PII within an ISMS.

AICPA SOC

SOC 2 TYPE II

Intelligence, Continuous Testing

A SOC 2 Type II audit evaluates how a service organization, such as a cloud service provider, handles customer data. The resulting report, issued by an independent CPA firm, covers both whether the company's controls are suitably designed and whether they operated effectively. The controls are assessed against the AICPA Trust Services Criteria of security, availability, processing integrity, confidentiality, and privacy.

A SOC 2 Type II report requires more rigor than a Type I report. A Type I report evaluates the design of controls at a specific point in time, while a Type II report evaluates both their design and their operating effectiveness over a specified review period, typically a minimum of 6 months. SOC 2 is an attestation rather than a certification: the auditor issues an opinion on the controls, not a certificate.

ISO 13485

Application Security

ISO 13485 is a quality management system standard for medical devices. It was created by the International Organization for Standardization (ISO) and first published in 1996. The current edition was published in 2016.

ISO 13485 is designed for organizations that design, produce, install, and service medical devices. It helps them meet regulatory requirements and customer needs, and it provides the basis for assessing whether a QMS is appropriate and effective.

ISO 13485 is based on the ISO 9001 process model concepts of “Plan, Do, Check, Act”, but it is more prescriptive than ISO 9001, with additional requirements aimed at device safety and regulatory compliance. Its regulatory standing varies by region: Canada requires ISO 13485 certification under the Medical Device Single Audit Program (MDSAP) for Class II, III and IV device licences; in the European Union it is the harmonized standard used to demonstrate QMS conformity with the MDR and IVDR; and the US FDA's Quality Management System Regulation (QMSR) incorporates ISO 13485:2016 by reference into 21 CFR Part 820, although the FDA does not itself require certification.

FedRAMP

FedRAMP Authorized

Agility

The Federal Risk and Authorization Management Program (FedRAMP®) was established in 2011 to provide a cost-effective, risk-based approach for the adoption and use of cloud services by the federal government. FedRAMP empowers agencies to use modern cloud technologies, with an emphasis on security and protection of federal information. In December 2022, the FedRAMP Authorization Act was signed as part of the FY23 National Defense Authorization Act (NDAA). The Act codifies the FedRAMP program as the authoritative standardized approach to security assessment and authorization for cloud computing products and services that process unclassified federal information.