Organizations using this feature have self-attested that they are certified in the following frameworks and/or compliant with the following regulations, as indicated. Bitsight has not independently verified any certifications or validated the organization's compliance with these regulations.
Available Compliance Frameworks
Below are the currently available compliance frameworks you can attest to within Bitsight.
| Compliance Framework | Description |
|---|---|
| SOC 2 Type 2 | System and Organization Controls (SOC) 2, Type 2 reports are the result of an audit covering a review period (commonly six to twelve months) and give assurance that the controls relevant to the Trust Services Criteria (security, availability, processing integrity, confidentiality, and privacy) were both suitably designed and operating effectively over that period. |
| SOC 2 Type 1 | System and Organization Controls (SOC) 2, Type 1 reports are the result of a point-in-time audit and give assurance that the controls relevant to the Trust Services Criteria were suitably designed as of that date; they do not test whether the controls operated effectively over time. |
| ISO 22301 | International Organization for Standardization 22301 is the standard for Business Continuity Management (BCM) and is designed to help organizations prevent, prepare for, respond to, and recover from unexpected and disruptive incidents. |
| ISO 27001 | International Organization for Standardization 27001 is the international information security standard that specifies the requirements for establishing, operating, and continually improving an Information Security Management System (ISMS); certification is issued against a defined scope, which may cover data centers, development centers, support centers, and office sites. |
| ISO 9001 | International Organization for Standardization 9001 is the international standard for a quality management system (QMS), used to demonstrate the ability to consistently provide products and services that meet stakeholder needs within statutory and regulatory requirements. |
| FedRAMP | The Federal Risk and Authorization Management Program promotes the adoption of secure cloud services across the United States government and provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud service offerings. |
| GDPR | The General Data Protection Regulation is a European Union law that requires organizations to safeguard personal data and uphold the privacy rights of individuals in the EU. |
| HIPAA | The Health Insurance Portability and Accountability Act sets the standards for protecting sensitive patient health information from being disclosed without the patient's consent or knowledge. |
| PCI DSS | The Payment Card Industry Data Security Standard is a set of security requirements designed to ensure that all companies that accept, process, store, or transmit payment card data maintain a secure environment in order to reduce card fraud. |
| CSA STAR Level 1 | Cloud Security Alliance Security, Trust, Assurance, and Risk Level 1 is achieved by submitting a self-assessment documenting compliance with the CSA Cloud Controls Matrix, and enables members to demonstrate their security and compliance posture. |
| CSA STAR Level 2 | Cloud Security Alliance Security, Trust, Assurance, and Risk Level 2 is achieved by successfully completing a third-party audit that combines criteria from other standard frameworks with the CSA Cloud Controls Matrix, and provides an additional layer of assurance for cloud security and privacy. |
| HITRUST | HITRUST provides a certifiable control framework (the HITRUST CSF) that helps companies safeguard sensitive information and manage risk throughout the third-party supply chain. |
| NIST CSF | The National Institute of Standards and Technology Cybersecurity Framework promotes the protection of critical infrastructure and helps practitioners manage cybersecurity-related risk. |
Frequently Asked Questions
Does Bitsight charge for this feature?
This feature is free.
Are there plans to add additional frameworks to this feature?
If there are additional frameworks that you believe should be added, please submit this as feedback to Bitsight Support or your account manager.
- December 17, 2024: Removed setup section and replaced with direct link to resource.
- June 28, 2022: Published.