Today, more than ever, it’s important that vendors prove they are properly protecting their customer data. At Netsurion, the completion of Service Organization Control (SOC) 2 Type 2 compliance demonstrates the maturity of our security and control environment. This means that we meet all five of the American Institute of Certified Public Accountants (AICPA) Trust Services Criteria for internal controls relevant to security, availability, processing integrity, confidentiality, and privacy.

ISO 27001

ISO/IEC 27001 is the world’s best-known standard for information security management systems (ISMS) and their requirements. Additional best practices in data protection and cyber resilience are covered by more than a dozen standards in the ISO/IEC 27000 family. Together, they enable organizations of all sectors and sizes to manage the security of assets such as financial information, intellectual property, employee data, and information entrusted by third parties.

ISO 20000 is a global standard that describes the requirements for an Information Technology Service Management (ITSM) System. ISO 20000 consists of two parts: a specification for IT Service Management (ISO 20000-1) and a code of practice for service management (ISO 20000-2). The ISO 20000 Foundation Certification is considered to impart knowledge of how to implement business strategies in accordance with the ISO 20000 framework. By implementing ISO 20000 within the architecture of the organization, businesses can identify which services have deviated from the actual plan and how they can be improved without increasing cost.

PCI DSS Compliant

The Payment Card Industry is a private industry group set up by the major credit card companies to define standards for companies that process credit card transactions. The Data Security Standard was defined to prevent credit card fraud, hacking, and other security issues. A company processing, storing, or transmitting credit card numbers must be PCI DSS compliant or it risks losing the ability to process credit card payments. The PCI DSS includes requirements covering network security, data protection, vulnerability management, access control, monitoring and testing, and information security.

The PCI DSS requires an organization to be able to monitor, report, and alert on attempted or successful access to systems and applications that contain sensitive cardholder data, and it explicitly calls for the collection and monitoring of event logs.

The EU-U.S. and Swiss-U.S. Privacy Shield Frameworks were designed by the U.S. Department of Commerce, and the European Commission and Swiss Administration, respectively, to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce. On July 12, 2016, the European Commission deemed the EU-U.S. Privacy Shield Framework adequate to enable data transfers under EU law. On January 12, 2017, the Swiss Government announced the approval of the Swiss-U.S. Privacy Shield Framework as a valid legal mechanism to comply with Swiss requirements when transferring personal data from Switzerland to the United States.


Report a Vulnerability

You can report a suspected vulnerability at any time.
Our team is devoted to this effort and appreciates any input.


By submitting this form, you consent to being contacted by Netsurion about Netsurion solutions. If you want more information on how we collect and use your personal data, please read our privacy notice. You may withdraw your consent at any time by following the instructions contained within any Netsurion email.