Domino’s Case Study
Food Protection and Defense Institute
What Do All Our Security Certifications Tell You?
September 10, 2018
What Do All Our Security Certifications Tell You?
Every year data security becomes an even bigger headache for business as large-scale security breaches continue to affect some of the world’s biggest and best known companies. When it comes to virtual training, there exists a clear threat of content either being inadvertently leaked or deliberately hacked. Compromised content from training sessions may not be top of mind for many organizations, but it should. In addition to all the data being shared about an organization’s product development, competitive strategy, and so on, there are high consequence sessions occurring within businesses and government agencies alike that include critical information about everything from our nation’s food and water supplies to how we’re preventing and responding to terrorism. Exposure of this data puts people at risk.
In addition to security, there’s the risk of mismanaged data occurring within these sessions, which can lead to heavy fines, lawsuits and crippling reputational hits. Failure to comply with GDPR, for example, can hit an organization hard—not just because of the steep penalties but because of the damaged customer trust and brand erosion that’s likely to follow. This is why the certifications CoSo Cloud has amassed are so important. They exist to show we meet the necessary requirements for protecting our customers, but what exactly are these requirements?
Our Service Organization Control 2 Type II (SOC-II) + HITRUST certification, for starters, was secured after a services and systems evaluation of our internal data security controls and practices by auditing company Armanino. SOC-II works to validate the compliance of the company’s commercial cloud with the American Institute of Certified Public Accountants’ Trust Services Principles and Criteria for policies, communications, procedures and monitoring. We have also added controls to be in line with HITRUST, which works with healthcare, technology and information security leaders to establish a Common Security Framework that can be used by all organizations that create, access, store or exchange sensitive and/or regulated data.
We’ve also been granted the Federal Risk and Authorization Management Program (FedRAMP) Authority To Operate (ATO) at the Moderate impact level. FedRAMP is a government-wide program providing a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. Its primary goal is to help government agencies migrate to the cloud in a secure manner by endorsing and certifying cloud service providers that have met the most rigorous testing available.
CoSo is also HIPAA-compliant. The Health Insurance Portability and Accountability Act, of course, sets the standard for protecting sensitive patient data. Any company that deals with protected health information must ensure that all the required physical, network, and process security measures are in place.
Finally, CoSo has also been added to the Department of Commerce’s list of self-certified Privacy Shield participants, which demonstrates CoSo complies with the department’s framework for the private and secure transfer of personal data from the EU and Switzerland to the US.
These certifications are all tremendously important. But when it comes to information security and privacy, people—not computers—are often the weakest link. That’s why when you’ve got people maintaining your eLearning systems, you want to make sure they know what security truly means. Our people maintain heavily safeguarded networks for 25 governmental agencies, from the Department of Defense to the Department of Homeland Security. This requires having all the deep clearances required to ensure the network—and all the sensitive information passing through it—is in safe hands. We’re accredited by all the important technology vendors. And many of us are military IT veterans with the elite training and experience that many commercial organizations simply don’t have.
Learn more about how seriously CoSo approaches the task of securing virtual training and web conferencing for our customers here.
