All Clouds Are Not Equal - Forcepoint Cloud Compliance
As part of the Cloud Trust Program, Forcepoint understands the need to demonstrate the accountability of our Cloud Infrastructure through adherence to accepted security standards. Forcepoint maintains the industry’s most comprehensive records of accreditation, including:
- Being the first security vendor to incorporate ISO/IEC 27018 controls
- The only global cybersecurity cloud gateway company that provides Tier 4 DC and Tier 1 WAN performance at all their data centers
- PCI-DSS & HIPAA compliant data centers
- AICPA SOC Type 1 & 2 reporting
Cloud Security Certifications
International Standards Organization (ISO) 27001
This security management standard specifies best practices and comprehensive security controls following the ISO 27002 best practice guidance. Forcepoint’s cloud infrastructure and services are audited once a year for ISO/IEC 27001 compliance by the British Standards Institution (BSI).
International Standards Organization (ISO) 27018
This code of practice focuses on protecting personal data in the cloud. It provides implementation guidance on the ISO 27002 controls that are applicable to public-cloud personally identifiable information (PII). It also provides controls and guidance on public-cloud PII protection requirements not addressed by the existing ISO 27002 control set.
Cloud Security Alliance (CSA) Security, Trust & Assurance Registry (STAR)
Encompassing the key principles of transparency, rigorous auditing and harmonization of standards, CSA STAR consists of three levels of assurance. These levels currently cover four unique offerings based on the cloud-centric control objectives in the CSA Cloud Controls Matrix (CCM).
American Institute of Certified Public Accountants Service Organization Control (AICPA SOC) 1/2/3
AICPA SOC standards establish the framework for examining controls at a service organization. SOC 1 reports focus on financial reporting, while SOC 2 and 3 reports focus on non-financial reporting controls relating to security, availability, processing integrity, confidentiality and privacy. SOC 2 also examines the details of data center testing and operational effectiveness.
Created by the U.S. Department of Commerce and the European Commission and Swiss Administration in support of transatlantic commerce, the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks provide companies with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States. On July 12, 2016, the European Commission deemed the EU-U.S. Privacy Shield Framework adequate to enable data transfers under EU law.
Read “All Clouds are not Equal” for more information on the importance of cloud infrastructure security standards.