What Level of Industry Security and Privacy Compliance Has Been Achieved by the Provider?
There are two types of industry-leading certification and compliance for advanced Cloud Service Providers: CICA 5970 Compliance and Certification, and PCI DSS Compliance and Certification.
CICA 5970. CICA 5970 defines the professional standards, including requirements regarding compliance, security and access, backup and recovery, computer operations and facility infrastructure for service providers that manage customer data. This is a Canadian standard and is set and overseen by the Canadian Institute of Chartered Accountants. CICA 5970 is the same as SAS certification (SAS 70 is a measurement used in the United States), and is also similar to ISO 27001.
There are two levels of CICA 5970, Type A/I and Type B/II:
Type A/I - necessary before Type B/II can be awarded. This certification signifies that a Cloud Service Provider has prepared the controls and related documents to prove that it is compliant with the CICA 5970 regulations.
Type B/II - this level is time-tested; once Type A/I certification is reached, the Cloud Service Provider must prove that its practices comply with the regulations. After one year, the practices are audited to determine that the controls/system have been compliant over that time, and then certification is awarded.
PCI DSS. Payment Card Industry (PCI) Compliance requires the observance of PCI Data Security Standard (DSS) policies and procedures concerning credit card account data security. All organizations that accept, store, process or transmit credit card details must follow these standards. This multidimensional security standard includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures to ensure a controlled and secure environment for processing sensitive information.