Tuesday, July 2, 2024

Sophos achieves inaugural ISO 27001:2022 certification – Sophos News

We’re proud to announce that Sophos has achieved our inaugural ISO 27001:2022 certification! ISO 27001:2022 is the premier worldwide standard for information security, and our certification provides customers and partners with the reassurance that Sophos takes information security seriously.

What is ISO 27001:2022? Who is it designed for?

ISO 27001:2022 is the globally accepted standard for information security. The goal of the standard is to provide assurance to customers that an organization has effectively integrated information security, data privacy, and continuous improvement into its day-to-day operations.

While there are various information security certifications, ISO 27001 is the most internationally accepted certification. Additionally, ISO 27001 forms the bedrock of many other certifications, giving Sophos a foundation to further expand our suite of information security certifications.

Growing our SOC 2 audit program

But wait…there’s more! In our continued effort to provide assurance to our customers, Sophos has added two new Trust Criteria Principles to our SOC 2 scope: Availability and Confidentiality. Our SOC 2 Type 2 report now includes:

  • Security: Safeguards information and systems against unauthorized access, use, disclosure, disruption, modification, or destruction.
  • Availability: Ensures systems are resilient and accessible when needed, minimizing downtime and disruptions.
  • Confidentiality: Ensures the protection of sensitive information by preventing unauthorized access or disclosure.
  • Privacy: Demonstrates our commitment to protecting the privacy of individual data in accordance with applicable regulations.

These Trust Criteria Principles focus on what mechanisms are in place to protect Sophos customer information, ensure the information is handled appropriately, and provide assurance to customers that their information is highly available.

A SOC 2 audit must be performed by a licensed CPA firm, or an entity endorsed by the American Institute of Certified Public Accountants (AICPA). Sophos used Coalfire, an accredited external assessor.

Sophos has achieved PCI 4.0

The Payment Card Industry Data Security Standard, or PCI DSS, is a set of criteria that assures customers that an organization can securely store or transmit credit card information. We’re pleased to share that Sophos Managed Detection and Response (MDR) has achieved PCI DSS version 4.0.

PCI DSS 4.0 was released in March 2022 and has now come into effect. This revised version incorporates additional controls to confirm that organizations have implemented more sophisticated security measures and access controls. The previous version, PCI DSS 3.2.1, remains active until March 2024.

Sharing Sophos audit reports

Our commitment to fostering customer trust remains at the forefront of our values. Paired with our dedicated focus on security, we aim to deliver products that uphold the highest standards in safeguarding sensitive information.

All Sophos audit reports and certifications can be shared with Sophos customers under a non-disclosure agreement (NDA). For further details and to request a copy, visit the Sophos Trust Center.
