As more and more everyday business processes and standards are digitally transformed, the need to defend against cyber threats increases. As a result, compliance regulations and standards have been developed to create security, consistency, and governance.
For businesses and government agencies around the world, complying with evolving, often overlapping regulatory security standards and policies is both critical and difficult. Digital.ai enables organizations to meet the leading industry and compliance standards.
Here are the internationally recognized standards and certifications Digital.ai has attained.
Digital.ai is ISO 27001:2019 certified. ISO/IEC 27701:2019 is an extension of ISO/IEC 27001, the international standard for information security. This standard specifies requirements and provides guidance for establishing, implementing, maintaining and continually improving a Privacy Information Management System (PIMS) in the form of an extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy management within the context of the organization.
This standard specifies PIMS-related requirements and provides guidance for PII controllers and PII processors holding responsibility and accountability for PII processing.
This certification is applicable to all types and sizes of organizations, including public and private companies, government entities, and not-for-profit organizations, which are PII controllers and/or PII processors processing PII within an ISMS.
SOC 2 TYPE II
A SOC 2 Type II audit evaluates how a cloud-based service provider handles sensitive information. The report covers how well a company’s controls are designed and how effectively they operate. The report is based on the Trust Services Criteria of security, availability, processing integrity, confidentiality, and privacy.
SOC 2 Type II certification requires more rigor than Type I certification. Type I evaluates policies and procedures at a specific moment in time, while Type II reports evaluate policies and procedures over a specified time period. Type II reports typically cover a period of at least 6 months.
ISO 13485 is a quality management system standard for medical devices. It was created by the International Organization for Standardization (ISO) and first published in 1996. The current edition was published in 2016.
ISO 13485 is designed for organizations that design, produce, install, and service medical devices. It ensures that medical devices meet regulatory compliance laws and customer needs. It also evaluates whether a QMS is appropriate and effective.
ISO 13485 is based on the ISO 9001 process model concepts of “Plan, Do, Check, Act”. It provides more in-depth specifics than ISO 9001 to improve safety and customer satisfaction. Europe, Canada, and the USA all require ISO 13485 certification for medical devices.
FIPS 140-2 is a U.S. government standard that defines the security requirements for cryptographic modules in information technology products. It is an international benchmark for validating the effectiveness of cryptographic hardware.
FIPS 140-2 has four levels of security, with level 1 being the least secure and level 4 being the most secure. The Federal Information Security Management Act (FISMA) requires U.S. government agencies, contractors, and third parties working for federal agencies to use FIPS 140-2 to protect sensitive data.
FIPS 140-2 compliance ensures a high degree of system security, which is critical in the protection of sensitive but unclassified information. FIPS 140-2 encryption ensures that consumer data won't be compromised in the event of a breach.
FIPS 140-2 was first published on May 25, 2001 and was last updated on December 3, 2002.
Digital.ai has applied for FIPS 140-3 certification. While no security vendor is currently 140-3 certified, Digital.ai is one of the very few that are officially “under test”, and we are transitioning from FIPS 140-2 to FIPS 140-3.