Each month, Reciprocity highlights companies that have earned compliance certifications for information security frameworks.

Here’s our July 2020 roundup of compliance news from around the United States, and around the world.

PCI Certification 

PCI certification and compliance are two different, but related, designations.

PCI certification is a more rigorous process. It involves an intensive audit performed by a Qualified Security Assessor (QSA).

PCI compliance means a company follows best practices to help protect Cardholder Data (CHD) following the guidelines set by the PCI Council.

  • In June, the Qatar International Islamic Bank, Doha, Qatar, was awarded Payment Card Industry Data Security Standard v 3.2.1 (PCI-DSS) by SISA, a cybersecurity firm headquartered in Bangalore, India. Read more.
  • In June, Invoiced, Austin, Texas, an accounts receivable automation firm, earned an independent verification of PCI-DSS compliance for its cloud-based system. Invoiced’s new PCI Level 1 compliance verification builds on its existing SOC 2 and HIPAA compliance practices. Read more.

ISO Certification 

ISO standards concern many industries. The three primary ISO standards that help organize compliance for companies looking to create IT programs are ISO 27001, ISO 31000, and ISO 9001.

  • In June, ITIDA, a public-private partnership between the Egyptian Ministry of Communications and Information Technology (MCIT) and the private sector, achieved the ISO/IEC 27001:2013 certification for information security. Read more.
  • In June, Waterfall Security Solutions, Rosh Haayin, Israel, an OT security company, earned its ISO/IEC 27001:2013 certification. Read more.
  • In June, Crypto.com, Hong Kong, became the first cryptocurrency firm to achieve ISO/IEC 27701:2019 certification. Read more.
  • In June, Golden Race, Malta, a virtual sports and betting technologies provider, obtained its ISO 27001:2013 certification. Read more.
  • In June, ZoomInfo, Vancouver, Washington, received its ISO 27001 and SOC 2 Type II certifications. The company makes go-to-market (GTM) intelligence solutions. Read more.
  • In June, Comtech, Melville, New York, received its ISO 27001 certification. Comtech develops public safety, location, navigation, and communication technologies. Read more.
  • In June, Videonetics, Kolkata, India, an AI & DL powered video computing platform development company, earned its CMMI Level 3 Appraisal and ISO 27001:2013 certification. Read more.
  • In June, Republic Bank Ghana Limited, Accra, Ghana, a subsidiary of Republic Financial Holdings Limited of Trinidad and Tobago, attained certification to ISO/IEC 27001:2013 Information Security Management Systems standard. Read more.
  • In June, Newgioco, Rome, Italy, announced that Odissea Betriebsinformatik Beratung GmbH (“Odissea”), its wholly owned software development subsidiary, has passed Stage 1 of the ISO-27001 certification process. Read more.
  • In June, Stack Infrastructure, Denver, Colorado, a digital infrastructure firm, achieved ISO/IEC 27001:2013 compliance and renewed its SSAE18 Type 2 SOC 1, SSAE18 Type 2 SOC 2, PCI-DSS, and HIPAA certifications. Read more.
  • In June, Phenom, Philadelphia, Pennsylvania, which makes an AI-powered talent experience management system, achieved ISO/IEC 27001:2013 certification. Read more.
  • In June, Meta-e Discovery, New York City, an e-discovery and litigation technology services company, earned its ISO 27001 standard certification for its information security management system (ISMS). Read more.
  • In June, United Development Company (UDC), a Qatari public shareholding company and master developer of The Pearl-Qatar and Gewan Island, obtained five certifications: ISO 9001 (Quality Management), ISO 14001 (Environmental Management), ISO 45001 (Occupational Health & Safety Management), ISO 27001 (Information Security Management), and ISO 18788 (Private Security Operations Management). Read more.

SOC 2 Certification

SOC 2 concerns all organizations and enterprises providing services that process and store customer data. SOC 2 reports are based on five Trust Services Criteria: security, availability, confidentiality, processing integrity, and privacy.

  • In June, Clari, Sunnyvale, California, a revenue operations platform, announced that it successfully completed its Service Organization Control (SOC) 2 Type II examination. Read more.
  • In June, Diversified, Kenilworth, New Jersey, a global technology solutions provider, announced the successful completion of a SOC 2 examination for its managed services in digital media. Read more.
  • In June, MadHive, New York City, an OTT advertising solutions firm, completed its SOC 1, SOC 2, and SOC 3 audits. Read more.
  • In June, BackChecked, Phoenix, Arizona, a SaaS provider to the background screening industry, announced that it completed a SOC 2 Type 2 audit. Read more.
  • In June, Triyam, Lexington, Kentucky, which makes EHR Data archival and conversion solutions, announced its SOC 2 Type 1 certification. Read more.
  • In June, pMD, San Francisco, California, a patient care software firm, completed its annual voluntary SOC 2 Type II and HIPAA security audits. Read more.
  • In June, Seclore, Milpitas, California, a data-centric security platform, completed SOC 2 Type 1 and Type 2 certification. Seclore has also enhanced data privacy functionality in its products per the latest GDPR guidelines. Read more.
  • In June, Torchlight, Burlington, Massachusetts, which builds an employee-caregiver support solution, completed its SOC 2 Type I certification. Read more.
  • In June, Truth Technologies, Naples, Florida, an anti-money-laundering solution, passed its 2020 SOC 2 Type 1 examination. Read more.
  • In June, ZINFI Technologies, Inc., Pleasanton, California, a partner relationship SaaS firm, passed its SOC 2 Type 1 Data Security Compliance Audit. Read more.
  • In June, Instana, Chicago, Illinois, a provider of real-time application performance management (APM) solutions for cloud-native microservice applications, announced that it successfully achieved SOC 2 Type 2 Compliance for its organization and SaaS APM solution. Read more.

FedRAMP Certification

The Federal Risk and Authorization Management Program (FedRAMP) is a government program that determines whether the cloud products and services offered by cloud service providers are secure enough to be used by federal agencies.

  • In June, McAfee, Santa Clara, California, announced that McAfee MVISION Cloud is the first Cloud Access Security Broker (CASB) platform to be granted a Federal Risk and Authorization Management Program (FedRAMP) High Impact Provisional Authority to Operate (P-ATO) from the U.S. Government’s Joint Authorization Board (JAB). Read more.
  • In June, Datadog, New York City, achieved FedRAMP authorization for low-impact SaaS. Datadog is fully available in the FedRAMP marketplace as of May 14, 2020. Read more.
  • In June, AppDynamics, San Francisco, California, announced its cloud-based application performance management platform has been authorized at the moderate impact level by the FedRAMP Program Management Office (PMO). Read more.
  • In June, eTRANSERVICES, Fredericksburg, Virginia, announced that its Universal Design Platform as a Service (UDPaaS) solution has completed the Federal Risk and Authorization Management Program (FedRAMP) authorization process. Read more. 
  • In June, Everbridge, Burlington, Massachusetts, successfully renewed its Federal Risk and Authorization Management Program (FedRAMP) Agency Authorization. Read more.
  • In June, Casepoint, Tysons, Virginia, an eDiscovery and litigation support platform for government clients, achieved FedRAMP Moderate Authorization. Read more.
  • In June, Global Excel, Sherbrooke, Quebec, a provider of healthcare risk management solutions, announced that it received ISO 27001:2013 certification for its Information Security Management System (ISMS). Read more.

HIPAA Compliance

Compliance with the Federal Health Insurance Portability and Accountability Act (HIPAA) ensures that health care organizations protect the privacy, security, and integrity of protected health information.

  • In June, Thrio, Calabasas, California, was awarded third-party certification for three major security and privacy standards including HIPAA, GDPR, and PCI DSS. Thrio develops a Contact Center as a Service (CCaaS) platform. Read more.
  • In June, Accusoft, Tampa, Florida, earned its HIPAA compliance and its SOC 2 examination for products OnTask and PrizmDoc Cloud. It had partnered with A-LIGN, a technology-focused compliance firm. Read more.
  • In June, Seven Bridges, Boston, Massachusetts, a bioinformatics ecosystem provider, announced the successful completion of independent examinations for SOC 2 Type 2, SOC 3, and HIPAA. The examinations were conducted by independent service auditor Schellman and Company, LLC. These additions to the Seven Bridges compliance portfolio complement its existing ISO 27001, ISO 27017, ISO 27018, and FISMA certifications. Read more.

GDPR Compliance

Compliance with the General Data Protection Regulation (GDPR) ensures the protection of personal data of European Union citizens. It was enacted in 2018 and grants eight rights to individuals regarding their personal data.

  • In June, Jatheon, Toronto, Canada, a developer of enterprise information archiving and ediscovery solutions, announced that its products and services are compliant with the General Data Protection Regulation (GDPR). Read more.

Check out our May and June roundups.