Certifications

C5:2020
In 2016, the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, or BSI) created the Cloud Computing Compliance Criteria Catalogue (C5) as an auditing standard. It is intended for cloud service providers (CSPs), their auditors, and customers of the CSPs. C5 established a mandatory minimum baseline for cloud security and the adoption of public cloud solutions by German government agencies and organizations that work with government. C5 is also being increasingly adopted by the private sector.

California Consumer Privacy Act (CCPA)
The California Consumer Privacy Act (CCPA) is a state statute intended to enhance privacy rights and consumer protection for residents of California, United States. The bill was passed by the California State Legislature and signed into law by Jerry Brown, Governor of California, on June 28, 2018, to amend Part 4 of Division 3 of the California Civil Code.Officially called AB-375, the act was introduced by Ed Chau, member of the California State Assembly, and State Senator Robert Hertzberg.

Cloud Security Alliance(CSA)
Cloud Security Alliance (CSA) is a not-for-profit organization with the mission to “promote the use of best practices for providing security assurance within cloud computing, and to provide education on the uses of cloud computing to help secure all other forms of computing."

FedRAMP
FedRAMP stands for the “Federal Risk and Authorization Management Program.” It standardizes security assessment and authorization for cloud products and services used by U.S. federal agencies.
The goal is to make sure federal data is consistently protected at a high level in the cloud.

GDPR
The General Data Protection Regulation (EU) 2016/679 (GDPR) is a regulation in EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA). The GDPR is an important component of EU privacy law and of human rights law, in particular Article 8(1) of the Charter of Fundamental Rights of the European Union. It also addresses the transfer of personal data outside the EU and EEA areas. The GDPR's primary aim is to enhance individuals' control and rights over their personal data and to simplify the regulatory environment for international business.

HIPAA
For a healthcare business to remain compliant with the guidelines and requirements set forth by the Health Insurance Portability and Accountability Act (HIPAA), it must safeguard its patients’ and clients’ personal information. An integral policy of the U.S. Department of Health and Human Services (HHS), HIPAA is a federal law that protects sensitive health information from being disclosed without the patient’s consent or knowledge.

IRAP (Information Security Registered Assessors Program)
The Australian Signals Directorate is supporting higher standards for security assessments and training through the enhanced Infosec Registered Assessor Program (IRAP).

ISO/IEC 27001
ISO/IEC 27001 is widely known, providing requirements for an information security management system (ISMS), though there are more than a dozen standards in the ISO/IEC 27000 family.

ISO/IEC 27017
ISO/IEC 27017 is a security standard developed for cloud service providers and users to make a safer cloud-based environment and reduce the risk of security problems. It was published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) under the joint ISO and IEC subcommittee, ISO/IEC JTC 1/SC 27.It is part of the ISO/IEC 27000 family of standards, standards which provides best practice recommendations on information security management.
![The International Organization for Standardization (ISO) is an independent, non-governmental international organization with a membership of 163 national standards bodies.
ISO/IEC 27018 relates to one of the most critical components of cloud privacy: the protection of personally identifiable information (PII). This standard focuses in two ways on security controls for public-cloud service providers that process PII:
• Builds upon existing ISO/IEC 27002 controls by adding specific items for cloud privacy
• Provides entirely new security controls for personal data
NSPECT.IO Uses Google for marketplace and other operations where Google Cloud Platform, Google Workspace, Chrome, and Apigee are certified as ISO/IEC 27018 compliant.
ISO/IEC 27018 is a security standard part of the ISO/IEC 27000 family of standards. It was the first international standard about the privacy in cloud computing services which was promoted by the industry. It was created in 2014 as an addendum to ISO/IEC 27001, the first international code of practice for cloud privacy. It helps cloud service providers who process personally identifiable information (PII) to assess risk and implement controls for protecting PII.[1] It was published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) under the joint ISO and IEC subcommittee, ISO/IEC JTC 1/SC 27.
NSPECT.IO Uses Wix for marketplace which has been audited and certified as ISO 27018 compliant. The ISO 27018 certification outlines industry best practices for handling personally Identifiable Information (PII) in a public cloud computing environment.](https://static.wixstatic.com/media/ece7be_2aeb05047443491083f924fedb9adf36~mv2.png/v1/fill/w_266,h_140,al_c,q_85,enc_auto/FR.png)
ISO/IEC 27018
ISO/IEC 27018:2019 is a code of practice that focuses on protection of personal data in the cloud. It is based on ISO/IEC information security standard 27002 and provides implementation guidance on ISO/IEC 27002 controls applicable to public cloud Personally Identifiable Information (PII). It also provides a set of additional controls and associated guidance intended to address public cloud PII protection requirements not addressed by the existing ISO/IEC 27002 control set.

ISO/IEC 27701
ISO/IEC 27701:2019 (formerly known as ISO/IEC 27552 during the drafting period) is a privacy extension to ISO/IEC 27001. The design goal is to enhance the existing Information Security Management System (ISMS) with additional requirements in order to establish, implement, maintain, and continually improve a Privacy Information Management System (PIMS).[1] The standard outlines a framework for Personally Identifiable Information (PII) Controllers and PII Processors to manage privacy controls to reduce the risk to the privacy rights of individuals.

PCI DSS
The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that ALL companies that accept, process, store or transmit credit card information maintain a secure environment.