
THE NEW
STANDARD
IN CYBERSECURITY
Below are our supporting cybersecurity assurance services, delivered in co-ordination with the security & compliance functions within the wider Vault UK Group. To see how we can help, contact us or request a quote below.

HIPAA
COMPLIANCE
The Health Insurance Portability and Accountability Act (HIPAA) sets the standard for sensitive patient data protection. Companies that deal with protected health information (PHI) in the US must have physical, network, and process security measures in place and follow them to ensure HIPAA Compliance.
Covered entities (anyone providing treatment, payment or operations in healthcare) and business associates (organisations that have access to patient information and support treatment, payment or operations) must both meet HIPAA requirements. Other entities, such as subcontractors and any other related business associates, must also be compliant.
PCI-DSS
PAYMENT GATEWAY
The Payment Card Industry Data Security Standard (PCI DSS) is a set of security requirements designed to ensure that all organisations that accept, process, store or transmit cardholder data maintain a secure environment.
At CertSure UK and our Group partners, we offer comprehensive advice, preparation, auditing and verification of your security measures, supporting you through all the requirements for PCI DSS certification. To give you a clear understanding of the various requirements of the standard and the intent behind each of them, our training partner in the Vault UK Group also offers a comprehensive PCI DSS training programme.
SOC
COMPLIANCE
A System and Organization Controls (SOC) report is a way to verify that a service organisation follows specific best practices for protecting its clients' data before you outsource a business function to it. SOC reports are essential to regulatory oversight, vendor management programmes, internal governance and risk management.
- SOC 1 audits relate to organisations' ICFR (internal control over financial reporting). They are conducted against the assurance standards ISAE (International Standard on Assurance Engagements) 3402 or SSAE (Statement on Standards for Attestation Engagements) 18.
- SOC 2 audits assess service organisations' security, availability, processing integrity, confidentiality and privacy controls against the AICPA's (American Institute of Certified Public Accountants) TSC (Trust Services Criteria), in accordance with SSAE 18. A SOC 2 report is generally used for existing or prospective clients. In the UK, SOC 2 audits can also be carried out against ISAE 3000.
ISO 27017
CLOUD SECURITY
ISO/IEC 27017 is an information security code of practice for cloud services.
It’s an extension to ISO/IEC 27001 and ISO/IEC 27002, and it provides additional security controls for cloud service providers and for cloud service customers. An organisation implementing the standard would select the relevant controls for their circumstances.
CertSure UK can assess against this standard for assurance; our partners in the Vault UK Group can assist with implementation and management.
ISO 27018
PII PROTECTION
ISO/IEC 27018 provides guidance to help public cloud PII processors meet their obligations, including when they are under contract to provide public cloud services.
The standard also enables transparency, so prospective cloud service customers can procure secure, well-managed cloud-based PII processing services, and it helps cloud service providers and their customers establish contractual agreements for processing PII.
CertSure UK provides certified assurance, giving your cloud service customers confidence through a robust audit and compliance methodology.