The following SaaS compliance certificates are the ones Josys adheres to:
| Certificate | Description |
| --- | --- |
| C5 (Germany) | Germany's Cloud Computing Compliance Controls Catalog (C5) recommends operational security controls to defend against common cyber-attacks. |
| CCPA | California Consumer Privacy Act grants California residents |
| COBIT | Control Objectives for Information and Related Technologies is a governance and security framework focused on ensuring the quality, control, and reliability of information systems. |
| Cyber Essentials / Cyber Essentials Plus (UK) | Cyber Essentials Plus is an industry-supported certification scheme backed by the UK Government that helps organizations demonstrate operational security against common cyber-attacks. |
| FedRAMP | Federal Risk and Authorization Management Program ensures cloud services meet U.S. federal security standards. |
| FISMA | The Federal Information Security Management Act requires federal agencies, as well as private-sector vendors, to adhere to information security controls when storing and processing government data. |
| GAPP | Canadian-US Generally Accepted Privacy Principles is a framework, developed by the accounting profession, for managing and preventing data privacy risks. |
| GDPR | EU's General Data Protection Regulation requires a SaaS application to comply with EU privacy law when transferring personal data outside Europe and the European Economic Area. |
| HIPAA | Health Insurance Portability and Accountability Act protects sensitive patient health information. |
| HITRUST | Health Information Trust Alliance certifies healthcare organizations' data protection measures. |
| ISO/IEC 27018 | An international standard for protecting personal data in the cloud. |
| ISO 27001 | An international standard for managing information security. |
| NIST SP 800-53 | The US National Institute of Standards and Technology is responsible for developing standards and guidelines to ensure compliance with the Federal Information Security Management Act (FISMA), aiming to enhance the security and privacy of federal information systems. |
| PCI DSS | Payment Card Industry Data Security Standard ensures the secure handling of credit card information. |
| Privacy Shield | EU-US and Swiss-US Privacy Shield is a framework for the transfer of personal data from the EU and Switzerland to the US. |
| PrivacyMark | Japanese certification for organizations that manage personal data securely. |
| SAS70 / SSAE 16 / SSAE 18 | Statement on Standards for Attestation Engagements (SSAE 18), formerly known as SAS70/SSAE 16, indicates that internal control over financial reporting is aligned with globally accepted accounting principles. |
| SOC-1 | Service Organization Control 1 reports on controls relevant to user entities' financial reporting. |
| SOC-2 | Service Organization Control 2 reports on controls relevant to security, availability, and confidentiality. |
| SOC-3 | Service Organization Control 3 provides a public summary of SOC-2 compliance. |
| TrustArc | Certification of privacy management processes. |