Cloud compliance

Cloud compliance

The International Organization for Standardization 27001 Standard (ISO 27001) is an information security standard that ensures office sites, development centers, support centers and data centers are securely managed.

ISO 27017 provides guidance on the information security aspects of cloud computing, recommending the implementation of cloud-specific information security controls that supplement the guidance of the ISO 27002 and ISO 27001 standards.

The International Organization for Standardization 27018 Standard (ISO 27018) covers privacy protections for the processing of personal information by cloud service providers.

In order to establish, implement, maintain, and continually improve privacy information management systems, ISO 27701 — a privacy extension to ISO 27001 — enhances the existing information security management system with additional requirements. ISO 27701 outlines a framework for personally identifiable information (PII) controllers and PII processors to manage privacy controls to reduce risks to individuals’ privacy rights.

The American Institute of Certified Public Accountants (AICPA) Service Organization Controls (SOC) reports give assurance over control environments as they relate to the retrieval, storage, processing, and transfer of data.

The Security Trust Assurance and Risk (STAR) Program encompasses key principles of transparency, rigorous auditing, and harmonization of standards. Companies who use STAR indicate best practices and validate the security posture of their cloud offerings.

Intapp security rating as rated by SecurityScorecard.com

Learn more

Intapp security rating as rated by BitsightTech.com

Learn more