Forcepoint understands the need to demonstrate accountability of our cloud infrastructure through adherence to accepted cloud compliance and security standards. Forcepoint maintains the industry’s most comprehensive records of accreditation:
International Standards Organization (ISO) 27001
This security management standard specifies best practices and comprehensive security controls following the ISO 27002 best practice guidance. Forcepoint’s cloud infrastructure and services are audited once a year for ISO/IEC 27001 compliance by the British Standards Institution (BSI). Certification for Forcepoint's Web Security and Email Security.
International Standards Organization (ISO) 27018
This code of practice focuses on protecting personal data in the cloud. It provides implementation guidance on the ISO 27002 controls that are applicable to public-cloud personally identifiable information (PII). It also provides controls and guidance on public-cloud PII protection requirements not addressed by the existing ISO 27002 control set. Certification for Forcepoint's Web Security and Email Security.
Cloud Security Alliance (CSA) Security, Trust & Assurance Registry (STAR)
Encompassing the key principles of transparency, rigorous auditing, and harmonization of standards, CSA STAR consists of three levels of assurance. These levels currently cover four unique offerings based on the cloud-centric control objectives in the CSA Cloud Controls Matrix (CCM). Certification for Forcepoint's Web Security and Email Security.
American Institue of Certified Public Accountants Service Organization Control (AICPA SOC)1/2/3
AICPA SOC standards establish the framework for examining controls at a service organization. SOC 1 reports focus on financial reporting, while SOC 2 and 3 reports focus on non-financial reporting controls relating to security, availability, processing integrity, confidentially and privacy. SOC 2 also examines the details of data center testing and operational effectiveness. Certification for Forcepoint's Web Security and Email Security.
Created by the U.S. Department of Commerce and the European Commission and Swiss Administration in support of transatlantic commerce, the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks provide companies with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States. On July 12, 2016, the European Commission deemed the EU-U.S. Privacy Shield Framework adequate to enable data transfers under EU law. Certification for Forcepoint's Web Security, Email Security, Cloud Access Security Broker (CASB), and Advanced Malware Detection (AMD).