Sacumen is now ISO 27001: 2013 and SOC 2 Type I Compliant

Sacumen is proud to announce that it is now ISO 27001: 2013 and SOC 2 Type I compliant. These internationally recognized standards ensure our products and services meet client requirements through effective quality, security, and privacy management systems.

ISO 27001:2013 – Information Security Management System

An ISO 27001 information security management system is a systematic and proactive approach to effectively managing risks to the security of your company’s confidential information. The system promotes efficient management of sensitive corporate information, highlighting vulnerabilities to ensure it is adequately protected against potential threats. It encompasses people, processes, and IT systems. An ISO 27001 certification can be achieved by any business of any size, in any given sector, which is looking to increase and enhance the company’s security of its data. Information is an asset that, like other important business assets, has value to an organization and consequently needs to be suitably protected. This standard will help your company coordinate all your security efforts both electronically and physically, coherently, cost-effectively, and with consistency, and prove to potential customers that you take the security of their personal / business information seriously.

SOC Reports – SSAE 18 SOC1 and SOC2

Introduced by the AICPA (American Institute of CPAs) in the 2010s, SOC 2 is an audit that carries out a security assessment into how effectively a service organization is able to manage its data and protect the privacy of its clients. There are two types, SOC 2 Type 1 and SOC 2 Type 2. Both audits assess your organization against five key criteria, known as the five trust service principles:

• Security.
• Privacy.
• Availability.
• Confidentiality.
• Processing integrity.

A SOC 2 Type 1 audit will offer proof that the suitability of the design of your data security systems and procedures align with these trust services criteria at a given point in time. The report will detail and document your current cloud security systems and the effect of the controls. These controls could be preventative, detective, or corrective in nature. The finished SOC 2 Type 1 report offers proof that a service organization has recognized data security best practices in place.