Compliance and Certifications

Americas certifications

ISO/IEC 27001
ISO/IEC 27001 is an international standard for Information Security Management Systems (ISMS), providing a structured framework of processes and controls to safeguard the confidentiality, integrity, availability and authenticity of information assets against various threats.

ISO 50001
ISO 50001 sets the requirements for an Energy Management System (EnMS), guiding organizations in planning and operating energy systems efficiently by monitoring performance, conserving resources and reducing energy costs through continuous optimization of facilities and processes.

PCI DSS
The Payment Card Industry Data Security Standard (PCI DSS) is a globally mandated framework established by major credit card brands to ensure the secure processing, storage and transmission of cardholder data, helping organizations protect sensitive payment information and reduce the risk of data breaches.

ISAE 3402/SOC 1
ISAE 3402/SOC 1 provides assurance that a service provider has implemented effective internal controls over financial reporting, offering transparency into operational processes and security practices to help clients manage risk and meet compliance requirements.

ISAE 3000/SOC 2
ISAE 3000/SOC 2 outlines standards for managing client data across five key trust principles: security, availability, processing integrity, confidentiality and privacy. This ensures organizations maintain strong information security and effectively mitigate potential incidents.

HIPAA Security Rule
The Health Insurance Portability and Accountability Act (HIPAA) establishes national standards to safeguard individuals' electronic personal health information (ePHI), requiring covered entities and their business associates to implement comprehensive administrative, physical, and technical safeguards that ensure the confidentiality, integrity and security of ePHI throughout its lifecycle.

NIST 800-53 High (United States)
NIST SP 800-53, developed by the US Department of Commerce and the National Institute of Standards and Technology (NIST), provides a comprehensive catalog of security and privacy controls designed to protect information systems against threats ranging from natural disasters to cyberattacks, and supports compliance with the Federal Information Security Management Act (FISMA).

APAC certifications

ISO/IEC 27001
ISO/IEC 27001 is an international standard for Information Security Management Systems (ISMS), providing a structured framework of processes and controls to safeguard the confidentiality, integrity, availability and authenticity of information assets against various threats.

ISO 50001
ISO 50001 sets the requirements for an Energy Management System (EnMS), guiding organizations in planning and operating energy systems efficiently by monitoring performance, conserving resources and reducing energy costs through continuous optimization of facilities and processes.

ISO 45001
ISO 45001 is the international standard for Occupational Health and Safety Management Systems (OH&SMS), providing a structured framework that helps organizations proactively identify and manage workplace risks, reduce incidents and injuries, comply with legal requirements and foster a culture of health, safety and continuous improvement across all levels of the organization. 

PCI DSS
The Payment Card Industry Data Security Standard (PCI DSS) is a globally mandated framework established by major credit card brands to ensure the secure processing, storage and transmission of cardholder data, helping organizations protect sensitive payment information and reduce the risk of data breaches.

TIA ANSI/TIA-942
TIA-942, developed by the American National Standards Institute (ANSI), establishes comprehensive standards for data centers, covering telecommunications, power and mechanical infrastructure, architectural layout, fire protection, security and monitoring systems.

ISAE 3000/SOC 2
ISAE 3000/SOC 2 outlines standards for managing client data across five key trust principles: security, availability, processing integrity, confidentiality and privacy. This ensures organizations maintain strong information security and effectively mitigate potential incidents.

OSPAR (Singapore)
Outsourced Service Provider Audit Report (OSPAR) is a cybersecurity and control assurance standard mandated by the Association of Banks (ABS) in Singapore, requiring service providers to financial institutions to undergo independent audits, typically based on ISAE 3000 or ISAE 3402, to validate that robust information security and operational controls are in place, thereby supporting risk management and regulatory compliance.

POJK (Indonesia)
POJK 11/POJK.03/2022 (Regulation of the Financial Services Authority: Peraturan Otoritas Jasa Keuangan) mandates that Indonesian commercial banks using third-party IT service providers must ensure these providers undergo independent IT audits and demonstrate robust IT controls, as part of broader efforts to strengthen IT governance and regulatory compliance.

EMEA certifications

ISO 9001
ISO 9001 defines the requirements for a Quality Management System (QMS), guiding organizations in consistently delivering high-quality services through process control, continuous improvement and compliance with client and regulatory expectations.

ISO/IEC 27001
ISO/IEC 27001 is an international standard for Information Security Management Systems (ISMS), providing a structured framework of processes and controls to safeguard the confidentiality, integrity, availability and authenticity of information assets against various threats.

In Germany, the Federal Office for Information Security (BSI) certifies an ISO 27001 variant based on IT-Grundschutz, offering a systematic, robust and comprehensive approach to information security that aligns with international standards.

ISO 22301
ISO 22301 is the international standard for Business Continuity Management Systems (BCMS), providing a structured framework to help organizations prepare for, respond to and recover from disruptive incidents, ensuring the continuity of critical operations, minimizing downtime and enabling a swift return to normal business activities.

ISO 50001
ISO 50001 sets the requirements for an Energy Management System (EnMS), guiding organizations in planning and operating energy systems efficiently by monitoring performance, conserving resources and reducing energy costs through continuous optimization of facilities and processes.

ISO 45001
ISO 45001 is the international standard for Occupational Health and Safety Management Systems (OH&SMS), providing a structured framework that helps organizations proactively identify and manage workplace risks, reduce incidents and injuries, comply with legal requirements and foster a culture of health, safety and continuous improvement across all levels of the organization.

ISO 14001
ISO 14001 is the international standard for Environmental Management Systems (EMS), providing a structured approach for organizations to manage their environmental responsibilities by monitoring resource use, minimizing waste and reducing environmental impact, while integrating sustainability into business strategy and operations.

PCI DSS
The Payment Card Industry Data Security Standard (PCI DSS) is a globally mandated framework established by major credit card brands to ensure the secure processing, storage and transmission of cardholder data, helping organizations protect sensitive payment information and reduce the risk of data breaches.

TISAX
The Trusted Information Security Assessment Exchange (TISAX) is a standardized assessment and exchange framework developed by the ENX Association to ensure that information security practices across the automotive industry meet defined requirements, based on the VDA Information Security Assessment (ISA), which aligns closely with ISO/IEC 27001 principles; it enables mutual recognition of audit results among participants, reducing duplication and enhancing trust in supplier networks.

§8a (3) BSIG/KRITIS (Germany)
Section 8a (3) of the German BSI Act (BSIG) mandates that operators of critical infrastructure (KRITIS) regularly demonstrate, through independent audits, that they have implemented appropriate technical and organizational measures to safeguard the availability, integrity, authenticity and confidentiality of their IT systems, components and processes essential to maintaining critical services.

EN 50600
EN 50600 is the European standard for the design, construction and operation of data centers, providing a comprehensive framework that covers everything from building structure, power supply and environmental controls to cabling, security, air-conditioning, operational management, KPIs, energy efficiency and the integration of renewable energy sources.

TIA ANSI/TIA-942
TIA-942, developed by the American National Standards Institute (ANSI), establishes comprehensive standards for data centers, covering telecommunications, power and mechanical infrastructure, architectural layout, fire protection, security and monitoring systems.

ISAE 3402/SOC 1
ISAE 3402/SOC 1 provides assurance that a service provider has implemented effective internal controls over financial reporting, offering transparency into operational processes and security practices to help clients manage risk and meet compliance requirements.

ISAE 3000/SOC 2
ISAE 3000/SOC 2 outlines standards for managing client data across five key trust principles: security, availability, processing integrity, confidentiality and privacy. This ensures organizations maintain strong information security and effectively mitigate potential incidents.

India certifications

ISO 9001
ISO 9001 defines the requirements for a Quality Management System (QMS), guiding organizations in consistently delivering high-quality services through process control, continuous improvement and compliance with client and regulatory expectations.

ISO/IEC 27001
ISO/IEC 27001 is an international standard for Information Security Management Systems (ISMS), providing a structured framework of processes and controls to safeguard the confidentiality, integrity, availability and authenticity of information assets against various threats.

ISO 22301
ISO 22301 is the international standard for Business Continuity Management Systems (BCMS), providing a structured framework to help organizations prepare for, respond to and recover from disruptive incidents, ensuring the continuity of critical operations, minimizing downtime and enabling a swift return to normal business activities.

ISO 50001
ISO 50001 sets the requirements for an Energy Management System (EnMS), guiding organizations in planning and operating energy systems efficiently by monitoring performance, conserving resources and reducing energy costs through continuous optimization of facilities and processes.

ISO 45001
ISO 45001 is the international standard for Occupational Health and Safety Management Systems (OH&SMS), providing a structured framework that helps organizations proactively identify and manage workplace risks, reduce incidents and injuries, comply with legal requirements and foster a culture of health, safety and continuous improvement across all levels of the organization.

ISO 14001
ISO 14001 is the international standard for Environmental Management Systems (EMS), providing a structured approach for organizations to manage their environmental responsibilities by monitoring resource use, minimizing waste and reducing environmental impact, while integrating sustainability into business strategy and operations.

PCI DSS
The Payment Card Industry Data Security Standard (PCI DSS) is a globally mandated framework established by major credit card brands to ensure the secure processing, storage and transmission of cardholder data, helping organizations protect sensitive payment information and reduce the risk of data breaches.

TIA ANSI/TIA-942
TIA-942, developed by the American National Standards Institute (ANSI), establishes comprehensive standards for data centers, covering telecommunications, power and mechanical infrastructure, architectural layout, fire protection, security and monitoring systems.

ISAE 3402/SOC 1
ISAE 3402/SOC 1 provides assurance that a service provider has implemented effective internal controls over financial reporting, offering transparency into operational processes and security practices to help clients manage risk and meet compliance requirements.

ISAE 3000/SOC 2
ISAE 3000/SOC 2 outlines standards for managing client data across five key trust principles: security, availability, processing integrity, confidentiality and privacy. This ensures organizations maintain strong information security and effectively mitigate potential incidents.