A compliance certification is the formal recognition by a Compliance Assessment body that an Organization meets predefined requirements related to risk and privacy management, demonstrating the ability to perform its activities with confidence. In other words, certifications bring independent confirmation that we have sound controls and processes in place to manage risk and protect our clients' data.
Digibee certification project aims to increase the confidence of customers, prospects and investors that Digibee's processes and technologies meet the latest market standards. Some customer segments require certain certifications from their platforms and partners, and Digibee is no exception.
Digibee's certification project
Digibee has chosen the Laika platform to manage the certification project, which provides the following elements:
A platform to manage and automate compliance;
Advisory support to accelerate the certification process (we have the support of a dedicated compliance architect);
Help for organizations to comply with security standards required by regulators and corporate clients, such as SOC 2, ISO 27001 and HIPAA. This project is being led by the Digibee Product team, and we aim to achieve the first certifications in 2022.
What are our ongoing certifications?
Digibee has chosen SOC 2 and PCI-DSS as the first two certifications. Below is an overview of the scope of these certifications:
SOC 2
SOC 2 (System and Organization Controls 2) is a type of audit report that certifies the reliability of services provided by a service provider organization. It is commonly used to assess the risks associated with third-party software solutions that store customer data online.
SOC 2 certification is one of the most important for any SaaS platform and usually takes about 6 months to 1 year to complete.
It is important to note that SOC 2 applies to companies operating or doing business in North America, specifically the US. However, it is also important in other locations and for SaaS platforms, this certification has become essential.
Upon completion of the SOC 2 audit, auditors provide companies with a detailed report to share with customers, partners and investors. This report includes a description of the system and the controls in place to protect data managed or transmitted through the system, as well as an assessment of the system's information security posture.
SOC 2 Type I: This is the first SOC 2 certification. It provides an overview of a period in which controls and guidelines have been applied.
SOC 2 Type II: This is a certification designed to ensure and monitor that SOC 2 Type I steps are implemented on a recurring basis.
It can only be obtained after 3 months of successful implementation of SOC 2 Type I.
After implementation, we have already met some of the requirements required by PCI-DSS (financial sector), which will reduce the overall project time to obtain these other certifications.
PCI-DSS
PCI-DSS: Payment Card Industry (PCI) compliance is required by credit card companies to ensure the security of transactions in the payments' industry. This is a highly sought after certification in the financial sector.
PCI-DSS compliance is not only a requirement to prevent identity theft, but also contains numerous best practices for detecting, preventing and remediating data breaches. Compliance with PCI-DSS also protects our organization in the event of a breach and data leak.
Final considerations
Customers and prospects who would like more information about the SOC 2 Type I report and PCI-DSS Engagement Letter can request it to their CSM or Sales team.