Smart Communications has achieved compliance with PCI-DSS for its SaaS co-location deployment.
PCI DSS (Payment Card Industry, Data Security Standard) is a set of comprehensive requirements for enhancing payment account data security established by international financial institutions. It was developed to support the broad adoption of consistent data security measures on a global basis.
SOC 1 and SOC 2
Smart Communications has completed SOC 1 and SOC2 Type II reports for its SaaS co-location and SaaS AWS deployments.
The American Institute of Certified Public Accountants (AICPA) has developed the Service Organization Controls (SOC) framework, a standard for controls that safeguard the confidentiality and privacy of information stored and processed in the cloud.
Smart Communications has obtained an independent third-party opinion on its compliance to HIPAA Security Criteria for its us SaaS co-location and AWS deployments.
Under the Health Information Portability and Accountability Act (HIPAA), certain information about a person’s health or health care services is classified as Protected Health Information (PHI). HIPAA applies controls in order to protect PHI.
Smart Communications has achieved ISO/IEC 27001:2013 certification for its SaaS co-location and SaaS AWS deployments.
ISO/IEC 27001 is specification for an Information Security Management System (ISMS), which is a framework for an organization's information risk management processes.
Smart Communications has completed the Information Security Registered Assessors Program (IRAP) Assessment in Australia.
IRAP ensures cloud technology providers comply to the strict security protocols defined by the Australian Signals Directorate (ASD), which supervises signals intelligence, cyber warfare, and information security throughout the country. Smart Communications AWS APAC (Sydney) Region was IRAP assessed on 18th February 2021 against the PROTECTED classification.
The Hellios Supplier Qualification System (FSQS) certification
Smart Communications is committed to responsible business practices that meet regulatory requirements and compliance standards. In order to demonstrate our commitment and credential in servicing the financial sector, we have become fully registered on the FSQS supplier qualification system.
Application Name: SmartCOMM
Veracode Verified Team builds on the security processes embedded in the development lifecycle from Verified Standard to include the following security gates:
• Assessment of open source components
• Documentation that the application does not include Very High or High flaws
• Documentation of a 60-day remediation deadline
• Identification of a Security Champion within the development team to ensure secure coding practices are used across the development lifecycle
• Provides training on secure coding best practices for the identified security champion
Third Party Risk Management
Smart Communications has completed CyberGRX assessment which has been independently validated by CyberGRX partners, Deloitte and KPMG. Customers can leverage Smart Communications ’ CyberGRX report to reduce their supplier due-diligence burden. The CyberGRX assessment methodology identifies both inherent and residual risk and uses near realtime threat analysis and independent evidence validation to provide customers with a holistic view of their third-party cyber risk posture.
The security scorecard collects billions of signals each week, helping organizations see risks, get more actionable information, and respond faster to keep up with threat actors. Security teams are able to react quickly to digital criminals, respond to Zero-Day incidents faster, and reduce the risk exposure timeline.