SERVICES-CADRE
Expérience réglementaire
Liste des prestations
-
SOC 2SOC 2
Service Organizational Control 2 (SOC 2) framework is a procedure for auditing service-oriented companies to assure their customers of a high-level security posture (includeing privicy processing integrity, availability and others) when using those services. This is in lieu of performing your own audit on those service providers.
-
HIPAA The Health Insurance Portability and Accountability Act of 1996 is a United States federal statute meant to provide assurance to US citizens that their healthcare information is collected, processed, stored, and transmitted for their health benefit and in a secure manner.HIPAA
-
PCI DSS The Payment Card Industry Data Security Standard (PCI DSS) is a checklist of expected security standards designed to ensure that companies who collect process, store, or transmit credit card information maintain a secure environment to prevent disclosure and misuse of the credit card information.PCI DSS
-
ISO 22301 ISO 22301 specifies requirements to implement, maintain and improve a business continuity management system to protect against, reduce the likelihood of the occurence of, prepare for, respond to, and recover from disruptions when they arise.ISO 22301
-
ITGC (SOX) IT General Controls (TIGC) is a framework of general IT and security controls that are recommended to implement to properly manage IG systems and processes. This framework is commonly used by traded companies as part of their Sarbanes-Oxley Act processes, and also by organizations implementing the CobiT framework.ITGC (SOX)
-
ISO-IEC 27001:2022 Specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system within the context of the organization.ISO-IEC 27001:2022
-
ISO 27001:2013 ISO/IEC S27001:2013 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organizationISO 27001:2013
-
ISO-IEC 27018ISO-IEC 27018
ISO/IED 27018:2019 is a common set of security categories and controls that can be implemented by a public cloud computing service provider acting as a PII processor, wishing to incorporate it into the ISMS (for certified ISO 27001 organizations)
-
ISO/IEC 27017 ISO/IEC 27017:2015 is the code of practice for cloud service customers and providers wishing to incorporate their cloud security into the SMS (for certified ISO 27001 organizations).ISO/IEC 27017
-
CSA CoC - GDPR Cloud Security Alliance (CSA) Code of Conduct is a privacy-centric framework that allows cloud service providers (CSPs) to attest to, or be audited against, a Code of Conduct for achieving GDPR compliance (when combined with a minimum security baseline, such as the CSA STAR).CSA CoC - GDPR
-
SCF - EU GDPR Secure Controls Framework (SCF) EU GDPR Compliance Criteria (EGCC) provides a "paint by numbers" approach to complying with GDPR, since GDPR is leveraging work that should already have been done through existing cybersurity and privacy program.SCF - EU GDPR
-
CSA STAR Cloud Security Alliance (CSA) Security, Trust, Assurance and Risk (STAR) is a security-centric framework that allows cloud service providers (CSPs) to attest to, or be audited against, a cloud control matrix (CCM), which is now in its 4th iteration.CSA STAR
-
NIST 800-171 Aims to protect controlled unclassified information (CUI) in non-federal systems and organizations.NIST 800-171
-
NIST CSF NIST Cybersecurity Framework (CSF) is a high-level framework aiming to assist organizations in managing cybersecurity risk. It can be implemented in a customizable manner.NIST CSF
-
NYDFS Part 500 The New York State Department of Financial Services published Cybersecurity Regulation (commonly known as Part 500) that applies to organizations operating under the Banking Law, the Insurance Law, or the Financial Services Law (considered "covered entities").NYDFS Part 500
-
TISAX ISA The Information Security Assessment (ISA) is an information security requirements catalog based on key aspects of the international standard ISO/IEC 27001. It is used by companies both for internal purposes as well as assessments by suppliers and service providers who process sensitive information from their respective companies.TISAX ISA
-
PCI-DSS SAQ A-EP PCI DSS Self-Assessment for 'Partially Outsourced E-commerce Merchants Using a Third-Party Website for Payment Processing'.PCI-DSS SAQ A-EP
-
PCI-DSS SAQ A PCI DSS Self-Assessment for 'Card-not-present Merchants, All Cardholder Data Functions Fully Outsourced'.PCI-DSS SAQ A
-
CIS v8 The CIS Critical Security Controls (CIS Controls) are a prioritized set of Safeguards to mitigate the most prevalent cyber-attacks against systems and networks.CIS v8
-
Open Finance DSS OFDSS establishes a common framework for consumer data security, privacy, and control that also supports innovation among new and emerging cloud-native, digital finance companies.Open Finance DSS
-
CMMCCMMC
The Cybersecurity Maturity Model Certification (CMMC) program is aligned to United States Department of Defense (DoD) information security requirements for Defense Industrial Base (DIB) partners. It is designed to enforce protection of sensitive unclassified information that is shared by the Department with its contractors and subcontractors.
