| ISO 27001 |
TUV Nord CERT GmbH |
ISO 27001, formally known as ISO/IEC 27001:2013, is an information security standard created by the International Organization for Standardization (ISO), which provides a framework and guidelines for establishing, implementing and managing an information security management system (ISMS). |
Global |
Valid from 30.03.2022
Valid until 29.03.2025
|
| ISO 27701 |
TUV Nord CERT GmbH |
ISO 27701, also abbreviated as PIMS (Privacy Information Management System) outlines a framework for Personally Identifiable Information (PII) Controllers and PII Processors to manage data privacy. Privacy information management systems are sometimes referred to as personal information management systems.
|
Global |
Valid from 30.03.2022 Valid until 29.03.2025 |
| ISO 22301 |
TUV Nord CERT GmbH |
ISO 22301 is designed to help organizations prevent, prepare for, respond to and recover from unexpected and disruptive incidents. |
Global |
Valid from 30.03.2022
Valid until 29.03.2025 |
| SOC 2 Type 2 / ISAE 3000 |
KPMG |
SOC 2 Report is a report on controls at a Service Organization relevant to Trust Service Categories - Security, Availability, Processing Integrity, Confidentiality and Privacy of systems and infrastructure.
ISAE 3000 is the reporting standard for SOC 2 report.
|
Global |
(Period)
01.10.2022 to 30.09.2023 |
| SOC 1 Type 2 / International Standard on Assurance Engagements No. 3402 (ISAE 3402)/ SSAE 16 |
KPMG / Deloitte
|
- A SOC 1 Report is a report on controls at a Service Organization which are relevant to user entities' internal control over financial reporting.
- International Standard on Assurance Engagements (ISAE) 3402 is the attestation standard issued by the International Auditing and Assurance Standards Board (IAASB) is the reporting standard for SOC 1 report. |
Account Specific |
Annual |
| PCI-DSS |
Panacea / PCI (Payment Card Industry ) Standards Council
|
PCI-DSS Panacea / PCI (Payment Card Industry ) Standards Council Certification for entities that store, process or transmit cardholder data utilizing the PCI Data Security Standards (DSS) as the assessment framework
|
Account / Processes Specific |
Annual |
| Cyber Essentials Plus |
ProCheckUp |
Cyber Essentials is a United Kingdom government information assurance scheme that is operated by the National Cyber Security Centre (NCSC). Cyber Essentials includes an assurance framework and set of security controls to protect information from threats coming from the internet. |
Whole Organization |
Valid from 24.07.2024 Valid until 25.07.2025
|
| Cyber Essentials |
ProCheckUp |
Cyber Essentials is a United Kingdom government information assurance scheme that is operated by the National Cyber Security Centre (NCSC). Cyber Essentials includes an assurance framework and set of security controls to protect information from threats coming from the internet. |
Whole Organization |
Valid from 29.06.2024 Valid until 29.06.2025
|
| Data Protection Trust Mark |
IMDA, Singapore |
The Data Protection Trustmark (DPTM) is a voluntary enterprise-wide certification developed by the Info-communications Media Development Authority (IMDA) to help organizations demonstrate accountable data protection practices and verify their conformance to personal data protection standards. The DTPM is needed for all Singapore Public Sector RFP's. |
Singapore |
Valid from 29.11.2024 Valid until 28.11.2027
|