top of page

Certifications

A SOC 1 report documents a cloud service provider’s internal controls that may be relevant to a customer’s financial reporting. This report is particularly useful for organizations that audit financial statements. SSAE 18 / ISAE 3402 Type II The Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA) created the Statement on Standards for Attestation Engagements No. 18 (SSAE 18) to keep pace with globally recognized international accounting standards. SSAE 18 aligns closely with the International Standard on Assurance Engagements 3402 (ISAE 3402). SSAE 18 and ISAE 3402 are used to generate a report by an objective third party attesting to a set of assertions made by an organization about its controls. The Service Organization Controls (SOC) framework is the method by which the control of financial information is measured. NSPECT.IO Uses Google Cloud Platform for marketplace and other operations which undergoes a regular third-party audit to certify individual products against this standard.

American Institute of Certified Public Accountants (AICPA SOC1)

A Service Organization Control 1 or SOC 1 report is documentation of the internal controls that are likely to be relevant to an audit of a customer's financial statements.

Read More
The SOC 2 is a report based on the Auditing Standards Board of the American Institute of Certified Public Accountants' (AICPA) existing Trust Services Criteria (TSC). The purpose of this report is to evaluate an organization’s information systems relevant to security, availability, processing integrity, confidentiality, and privacy. SSAE 18 / ISAE 3402 Type II The AICPA created the Statement on Standards for Attestation Engagements No. 18 (SSAE 18) to keep pace with globally recognized international accounting standards. SSAE 18 aligns closely with the International Standard on Assurance Engagements 3402 (ISAE 3402), both of which are used to generate a report by an objective third party attesting to a set of assertions made by an organization about its controls. The Service Organization Controls (SOC) framework is the method by which the control of financial information is measured. NSPECT.IO Uses Google Cloud Platform for marketplace and other operations which undergoes a regular third-party audit to certify individual products against this standard.

American Institute of Certified Public Accountants (AICPA SOC2)

Developed by the American Institute of CPAs (AICPA), SOC 2 defines criteria for managing customer data based on five “trust service principles”—security, availability, processing integrity, confidentiality and privacy.

Read More
Like SOC 2, the SOC 3 report has been developed based on the Auditing Standards Board of the American Institute of Certified Public Accountants’ (AICPA) Trust Service Criteria (TSC). The SOC 3 is a public report of internal controls over security, availability, processing integrity, and confidentiality. SSAE 18 / ISAE 3402 Type II The AICPA created the Statement on Standards for Attestation Engagements No. 18 (SSAE 18) to keep pace with globally recognized international accounting standards. SSAE 18 aligns closely with the International Standard on Assurance Engagements 3402 (ISAE 3402). SSAE 18 and ISAE 3402 are used to generate a report by an objective third-party attesting to a set of assertions made by an organization about its controls. The Service Organization Controls (SOC) framework is the method by which the control of financial information is measured. NSPECT.IO Uses Google Cloud Platform for marketplace and other operations which undergoes a regular third-party audit to certify individual products against this standard. Our SOC 3 reports for Google Cloud Platform and Google Workspace can be downloaded instantly.

American Institute of Certified Public Accountants (AICPA SOC3)

The SOC 3 is a public report of internal controls over security, availability, processing integrity, and confidentiality.

Read More
The California Consumer Privacy Act (CCPA) is a data privacy law that provides California consumers with a number of privacy protections, including right to access, delete, and opt-out of the “sale” of their personal information. Starting January 1, 2020, businesses that collect California residents’ personal information and meet certain thresholds (e.g., revenue, volume of data processing) will need to comply with these obligations. The California Privacy Rights Act (CPRA) is a data privacy law that amends and expands upon the CCPA. The law takes effect on January 1, 2023. Google is very committed to helping our customers meet their obligations under these data regulations by offering convenient tools and building robust privacy and security protections into our services and contracts. You can find more information about your responsibilities as a business under the CCPA on the California Office of the Attorney General’s website. NSPECT.IO Uses Google for marketplace operations which commits to CCPA.

California Consumer Privacy Act (CCPA)

The California Consumer Privacy Act (CCPA) is a state statute intended to enhance privacy rights and consumer protection for residents of California, United States. The bill was passed by the California State Legislature and signed into law by Jerry Brown, Governor of California, on June 28, 2018, to amend Part 4 of Division 3 of the California Civil Code.Officially called AB-375, the act was introduced by Ed Chau, member of the California State Assembly, and State Senator Robert Hertzberg.

Read More
The Cloud Computing Compliance Criteria Catalogue, also referred to as C5:2020, was developed by the German Federal Office for Information Security (BSI) as a way to assess the information security of cloud services that leverage internationally recognized security standards like ISO/IEC 27001 to set a consistent audit baseline that helps establish a framework of trust between cloud providers and their customers. Google previously received an attestation for the BSI’s Cloud Computing Compliance Controls Catalog (“C5”). The BSI revised the guidance as C5:2020 in 2020. The C5:2020 expands the scope of C5 and addresses new requirements, including a section on product safety and security. C5:2020 is based on established standards, including ISO/IEC 27001, Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM), AICPA Trust Services Principles and Criteria, BSI IT-Grundschutz Catalogue, and others. However, C5:2020 adds additional transparency controls to provide information on data location, provision of services, place of jurisdiction, existing certifications, and information disclosure obligations towards government agencies. This emphasis on transparency helps potential cloud customers decide whether the cloud services meet their compliance with legal requirements like data protection, company policies, or the ability to address the threat of industrial espionage. NSPECT.IO Uses Google for marketplace and other operations which has achieved an attestation against the C5:2020 requirements. Current and potential customers can use the C5:2020 attestation as verification of compliance and as part of their assessment for using Google Cloud services.

Cloud Computing Compliance Criteria Catalogue (C5:2020)

In 2016, the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, or BSI) created the Cloud Computing Compliance Criteria Catalogue (C5) as an auditing standard. It is intended for cloud service providers (CSPs), their auditors, and customers of the CSPs. C5 established a mandatory minimum baseline for cloud security and the adoption of public cloud solutions by German government agencies and organizations that work with government. C5 is also being increasingly adopted by the private sector.

Read More
The Cloud Security Alliance is a non-profit organization whose mission is to “promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.” The CSA’s Security, Trust & Assurance Registry Program (CSA STAR) is designed to help customers assess and select a Cloud Service Provider through a three-step program of self-assessment, third-party audit, and continuous monitoring. NSPECT.IO Uses Google for marketplace and other operations which has achieved the third-party assessment-based certification (CSA STAR Level 2: Attestation) for Google Cloud Platform (GCP) and Google Workspace, resulting in a CSA Star SOC2+ report. Google is also a CSA sponsor and a member of CSA’s International Standardization Council (ISC), and a founding member of the CSA GDPR Center of Excellence. certifications and Google Cloud has been awarded four certifications from the Cloud Security Alliance (CSA). These certifications demonstrate our commitment to upholding the best practices for cloud security and compliance. With these certifications, you can have confidence in the secure services we provide, as well as our ability to help you comply with applicable regulations and industry standards. CSA will ensure that your data is secure you can comply with applicable regulations . Benefits of CSA certification is to have peace of mind that your data is safe and secure, the quality of services received are assured, hosted services meet the required industry standard

Cloud Security Alliance (CSA)

Cloud Security Alliance (CSA) is a not-for-profit organization with the mission to “promote the use of best practices for providing security assurance within cloud computing, and to provide education on the uses of cloud computing to help secure all other forms of computing."

Read More
The U.S. Federal Government established the Federal Risk and Authorization Management Program (FedRAMP), a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. All Federal agency cloud deployments and service models, other than certain on-premises private clouds, must meet FedRAMP requirements at the appropriate risk impact level (Low, Moderate, or High). NSPECT.IO Uses Google Cloud Platform for marketplace and other operations . Google’s FedRAMP status is posted on the government’s website: FedRAMP Marketplace.

Federal Risk and Authorization Management Program (FedRAMP)

FedRAMP stands for the “Federal Risk and Authorization Management Program.” It standardizes security assessment and authorization for cloud products and services used by U.S. federal agencies.
The goal is to make sure federal data is consistently protected at a high level in the cloud.

Read More
The General Data Protection Regulation (GDPR) is a privacy legislation that replaced the 95/46/EC Directive on Data Protection of 24 October 1995 on May 25, 2018. GDPR lays out specific requirements for businesses and organizations who are established in Europe or who serve users in Europe. It: • Regulates how businesses can collect, use, and store personal data • Builds upon current documentation and reporting requirements to increase accountability • Authorizes fines on businesses who fail to meet its requirements NSPECT.IO Uses Google Cloud Platform and Wix for marketplace and other operations Google Cloud, prioritizes and improve the security and privacy of customer personal data. Google Cloud, supports GDPR compliance efforts by: 1. Committing in our contracts to comply with the GDPR in relation to our processing of customer personal data in all Google Cloud Platform and Google Workspace services 2. Offering additional security features that may help you to better protect the personal data that is most sensitive 3. Giving you the documentation and resources to assist you in your privacy assessment of our services 4. Continuing to evolve our capabilities as the regulatory landscape changes Wix.com is 100% committed to data protection Customer trust is Wix's absolute top priority. Wix has worked with a team of experts and have implemented the required adjustments to products, services, and documentation, to ensure compliance with the GDPR. This empowers Wix to get more control over personal data and gain the tools necessary to protect the information of visitors to Wix sites. Wix is dedicated to data protection and have effectively reinforced this over the past 10 years. Wix deploys and maintains a range of technical and organizational security measures to protect our customers’ data and assets.Wix security team leads the facilitation and development of procedures, processes and controls that govern the security and integrity of Wix and its users.

General Data Protection Regulation (GDPR)

The General Data Protection Regulation (EU) 2016/679 (GDPR) is a regulation in EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA). The GDPR is an important component of EU privacy law and of human rights law, in particular Article 8(1) of the Charter of Fundamental Rights of the European Union. It also addresses the transfer of personal data outside the EU and EEA areas. The GDPR's primary aim is to enhance individuals' control and rights over their personal data and to simplify the regulatory environment for international business.

Read More
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that establishes data privacy and security requirements for organizations that are charged with safeguarding individuals' protected health information (PHI). These organizations meet the definition of “covered entities” or “business associates” under HIPAA. Customers that are subject to HIPAA and want to utilize any Google Cloud products in connection with PHI must review and accept Google's Business Associate Agreement (BAA). Google ensures that the Google products covered under the BAA meet the requirements under HIPAA and align with our ISO/IEC 27001, 27017, and 27018 certifications and SOC 2 report. NSPECT.IO Uses Google Cloud Platform for marketplace and other operations .The Google Cloud Platform BAA covers GCP’s entire infrastructure . The Health Insurance Portability and Accountability Act of 996 (HIPAA) is a regulation designed to make it easier for American employees to maintain their health insurance coverage when they change or lose their jobs. This regulation also encourages the use of electronic health records to improve the efficiency and quality of the US healthcare system through enhanced information sharing. HIPAA includes provisions that increase the use of electronic medical records as well as ensure the security and confidentiality of protected health information (PHI). PHI includes comprehensive personal health information and health-related data, including insurance and billing information, diagnostic data, clinical care data, and laboratory results such as images and test results. HIPAA rules apply to covered organizations, including hospitals, medical service providers, employer-sponsored health plans, research facilities, and insurance companies that deal directly with patients and patient data. The HIPAA requirement that provides PHI protection also applies to partners. The Health Information Technology for Economic and Clinical Health Act (HITECH) expanded HIPAA guidelines in 2009. Together, HIPAA and HITECH set a set of federal standards to protect PHI's security and privacy. These provisions are contained in what are known as "Management Simplification" rules. HIPAA and HITECH impose requirements regarding the use and disclosure of PHI, appropriate safeguards to protect PHI, personal rights and administrative responsibilities. For more information on how health information is protected by HIPAA and HITECH, see the US Department of Health and Human Services' Health Information Privacy webpage. What is HIPAA and what does it cover? HIPAA is a federal law that protects certain medical information from unauthorized access. The law requires all healthcare providers, such as hospitals and doctor's offices, to keep health information safe and secure from unauthorized access. HIPAA specifically requires healthcare providers to take steps to: 1) Protect the privacy of PHI (Health Information) by limiting access only to those who need it for treatment or care, and; 2). Ensuring PHI security By following appropriate procedures when an individual's healthrelated information is disclosed or accessible from outside the organization. To comply with this law, you must have appropriate safety precautions. You can use encryption codes in your electronic data and prevent third parties from accessing patient information. Regulatory bodies such as the Federal Trade Commission (FTC) also look at compliance with HIPAA. How to securely share patient information The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a law that protects patients' privacy and health records. HIPAA also gives businesses the ability to safely and securely share information with their customers. If you're like most businesses, you don't know how to comply with HIPAA. In this post, we'll go over the basics of HIPAA compliance and explain some of the more common issues you may encounter. As mentioned earlier, HIPAA is a law that protects your patients' private information. This means that if you have sensitive medical information on file, such as family members' health records, you must ensure that no one outside of your company can access this information without your express consent. You will also need to consider how people outside of your company might use this information to join a particular healthcare plan or enjoy certain benefits. How to protect your business data Businesses must comply with HIPAA regulations to protect the privacy of their customers, employees and the public. The law regulates how personal information is shared with third parties, who can access that information, and whether businesses are allowed to share it. Many states have laws that allow businesses that collect business data to use anonymized names and addresses instead of real names. If your business wants to comply with HIPAA regulations without being absolutely sure that you will avoid legal liability, it is important to understand what HIPAA means for your business. Here are some basics: A company (or organization) must verify that the customer is a "qualified individual" before releasing a customer's personal health information (PHI). Qualified individuals include minors, pregnant women, and people with "physical or mental disabilities." Companies must also ensure that PHI is stored securely so that it cannot be accessed by unauthorized persons. If a third party needs access to your company's PHI, you must agree in writing what rules apply (and why) for that person to gain access from your company. How to comply with HIPAA regulations? Before using HIPAA, you need to understand a few important things about HIPAA compliance. It is important to know the difference between covered entities and covered entities that do business with other covered entities. There is also a difference between "consumers" and "individuals", so it's important to know which is which. There are three categories of businesses that must comply with HIPAA regulations: healthcare providers; health plans (businesses that sell insurance); and healthcare clearinghouses (healthcare providers). While each category has its own rules, they all share the same goal: to protect the privacy of individuals and to allow them to share their personal information with trusted third parties when necessary. Eligibility requirements for healthcare facilities One of the most important things to know about HIPAA is that it gives you and your patients the right to protect their privacy. You will want to make sure you and your employees are complying with the law… The Department of Health and Human Services (HHS) has established a set of regulations for healthcare facilities and healthcare organizations known as HIPAA. HHS has also released new guidance on HIPAA compliance for healthcare organizations, including information technology (IT) providers. If you're a healthcare facility or organization, we'd like to help you stay compliant by providing an overview of how HHS defines a "covered organization" for HIPAA purposes, as well as some key aspects of the information. privacy rule Compliance requirements for mental health services Mental health services are often covered by government-sponsored insurance plans. Ultimately, mental health is one area where businesses can make money through HIPAA compliance. The first thing you should know about HIPAA is that it is an act of Congress aimed at protecting consumer privacy and security. Compliance requirements for research organizations Sensitive health information for your patients is a popular topic among hospitals, doctors, and medical research organizations. HIPAA is the law that governs how you can share patient information. It's important to know what you need to do to comply with HIPAA regulations. Whether you're sharing data for research or marketing purposes, it's important to clearly define what information is being shared. It is also important that you tell your patients with whom their data is shared and how this information will be used. Your patients deserve to trust the way their information is processed so they can make informed decisions about their health needs.

Health Insurance Portability and Accountability Act (HIPAA)

For a healthcare business to remain compliant with the guidelines and requirements set forth by the Health Insurance Portability and Accountability Act (HIPAA), it must safeguard its patients’ and clients’ personal information. An integral policy of the U.S. Department of Health and Human Services (HHS), HIPAA is a federal law that protects sensitive health information from being disclosed without the patient’s consent or knowledge.

Read More
The International Organization for Standardization (ISO) is an independent, non-governmental international organization with a membership of 163 national standards bodies. ISO/IEC 27701 is a global privacy standard that focuses on the collection and processing of personally identifiable information (PII). This standard was developed to help organizations comply with international privacy frameworks and laws, and focuses on three main factors : Extends the requirements of ISO/IEC 27001 and ISO/IEC 27002 to include data privacy; Provides a framework for implementing, maintaining, and continuously improving a Privacy Information Management System (PIMS); Includes requirements and guidance for organizations acting as PII controllers and PII processors. NSPCET.IO Uses Google for marketplace operations which have received an accredited ISO/IEC 27701 certification as a PII processor after undergoing an audit by an independent third party.

Information Security Management System (ISO/IEC 27701)

ISO/IEC 27701:2019 (formerly known as ISO/IEC 27552 during the drafting period) is a privacy extension to ISO/IEC 27001. The design goal is to enhance the existing Information Security Management System (ISMS) with additional requirements in order to establish, implement, maintain, and continually improve a Privacy Information Management System (PIMS).[1] The standard outlines a framework for Personally Identifiable Information (PII) Controllers and PII Processors to manage privacy controls to reduce the risk to the privacy rights of individuals.

Read More
ISO/IEC 27001 is widely known, providing requirements for an information security management system (ISMS), though there are more than a dozen standards in the ISO/IEC 27000 family. Using them enables organizations of any kind to manage the security of assets such as financial information, intellectual property, employee details or information entrusted by third parties. ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. The requirements set out in ISO/IEC 27001:2013 are generic and are intended to be applicable to all organizations, regardless of type, size or nature. ISO/IEC 27001 is an international standard on how to manage information security. The standard was originally published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) in 2005 and then revised in 2013. It details requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS) – the aim of which is to help organizations make the information assets they hold more secure.A European update of the standard was published in 2017.Organizations that meet the standard's requirements can choose to be certified by an accredited certification body following successful completion of an audit. The effectiveness of the ISO/IEC 27001 certification process and the overall standard has been addressed in a recent large-scale study. NSPECt.IO Customer payment platform runs on WIX that Wix has been audited and certified as ISO 27001 compliant. The ISO 27001 certification outlines industry best practices for managing security risks.

Information Security Management System (ISO/IEC 27001)

ISO/IEC 27001 is widely known, providing requirements for an information security management system (ISMS), though there are more than a dozen standards in the ISO/IEC 27000 family.

Read More
The International Organization for Standardization (ISO) is an independent, non-governmental organization with an international membership of 163 national standards bodies. The ISO/IEC 27017:2015 gives guidelines for information security controls applicable to the provision and use of cloud services by providing: • Additional implementation guidance for relevant controls specified in ISO/IEC 27002 • Additional controls with implementation guidance that specifically relate to cloud services This standard provides controls and implementation guidance for both cloud service providers like Google and our cloud service customers. ISO/IEC 27017 provides cloud-based guidance on 37 ISO/IEC 27002 controls, along with seven new cloud controls that address: • Who is responsible for what between the cloud service provider and the cloud customer • The removal/return of assets when a contract is terminated • Protection and separation of the customer’s virtual environment • Virtual machine configuration • Administrative operations and procedures associated with the cloud environment • Customer monitoring of activity within the cloud • Virtual and cloud network environment alignment NSPECT.IO Uses Google for marketplace and other operations where Google Cloud Platform, Google Workspace, Chrome, and Apigee are certified as ISO/IEC 27017 compliant.

Information Security Management System (ISO/IEC 27017)

ISO/IEC 27017 is a security standard developed for cloud service providers and users to make a safer cloud-based environment and reduce the risk of security problems. It was published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) under the joint ISO and IEC subcommittee, ISO/IEC JTC 1/SC 27.It is part of the ISO/IEC 27000 family of standards, standards which provides best practice recommendations on information security management.

Read More
bottom of page