Information security is a top priority at Xevo, and as part of our commitment we received confirmation of our SOC 2, Type I compliance late last year. But that was only the first step.
We are pleased to announce that A-LIGN, an independent accredited management systems certification body, has recently confirmed that Xevo is both SOC 2, Type II compliant and ISO/IEC 27001:2013 certified.
But what are SOC and ISO, and why are they important?
SOC compliance and ISO certification demonstrate that an organization is effectively protecting any data it is responsible for, especially client and customer information. SOC stands for “system and organization controls,” and is a set of standards for measuring how well an organization protects the data it works with. Confirmation of SOC compliance is considered to be a technical audit, but it is more involved. SOC 2 is specifically designed for companies working with and storing information in the cloud, and requires companies to establish and follow strict information security policies and procedures related to safeguarding customer data.
To achieve SOC compliance, Xevo worked with an independent certified public accountant who evaluated our safeguards and procedures using criteria created by the American Institute of Certified Public Accountants (AICPA). SOC 2, Type II is the most comprehensive of SOC standards, and it confirms that “a company’s information security measures are in line with the unique parameters of today’s cloud requirements.” (ThreatStack.com)
According to IT Governance USA, ISO/IEC 27001:2013 is the international “best practices” standard for a company’s information security management system (ISMS). ISO 27001 certification independently verifies that a company is successfully applying information security best practices and that its data is adequately protected.
Xevo works hard to maintain the confidentiality of our customers’ data, and these recognitions demonstrate our continued commitment to information security. Our partners can feel secure in the knowledge that if a threat arises, their information is safe with us.