Forcepoint Cloud Compliance and Certifications

International Standards Organization (ISO) 27001

This security management standard specifies best practices and comprehensive security controls following the ISO 27002 best practice guidance. Forcepoint’s cloud infrastructure and services are audited once a year for ISO/IEC 27001 compliance by the British Standards Institution (BSI). Certification for Forcepoint's Web Security and Email Security.

International Standards Organization (ISO) 27018

This code of practice focuses on protecting personal data in the cloud. It provides implementation guidance on the ISO 27002 controls that are applicable to public-cloud personally identifiable information (PII). It also provides controls and guidance on public-cloud PII protection requirements not addressed by the existing ISO 27002 control set. Certification for Forcepoint's Web Security and Email Security.

Cloud Security Alliance (CSA) Security, Trust & Assurance Registry (STAR)

Encompassing the key principles of transparency, rigorous auditing, and harmonization of standards, CSA STAR consists of three levels of assurance. These levels currently cover four unique offerings based on the cloud-centric control objectives in the CSA Cloud Controls Matrix (CCM). Certification for Forcepoint's Web Security and Email Security.

American Institue of Certified Public Accountants Service Organization Control (AICPA SOC)1/2/3

AICPA SOC standards establish the framework for examining controls at a service organization. SOC 1 reports focus on financial reporting, while SOC 2 and 3 reports focus on non-financial reporting controls relating to security, availability, processing integrity, confidentially and privacy. SOC 2 also examines the details of data center testing and operational effectiveness. Certification for Forcepoint's Web Security and Email Security.