Contact Us

Explore IBX™ Certifications and Standards

OR

ASAE 3402 Type II

Australian Standard on Assurance Engagements (ASAE 3402 Type II) establishes requirements and provides application and other explanatory material regarding the assurance practitioner’s responsibilities when providing a report for use by user entities and their auditors, on the controls at a service organization that provides a service to user entities that is likely to be relevant to user entities’ internal control as it relates to financial reporting

FISC

FISC Security Guidelines (Japan) The Center for Financial Industry Information Systems established the "FISC Security Guidelines on Computer Systems for Banking and Related Financial Institutions" as security guidelines for financial institutions in Japan. It describes controls and security measures related to facilities, operations, and technical infrastructure.

FedRAMP

Le Federal Risk and Authorization Management Program (FedRAMP) est un programme qui offre, à l'échelle du gouvernement, une approche standardisée pour l'évaluation de la sécurité, l'autorisation et la surveillance continue des produits et services cloud. Cette approche utilise un cadre « faire une fois, utiliser plusieurs fois » qui permettra de faire des économies sur le coût, le temps et le personnel nécessaire pour effectuer des évaluations redondantes de la sécurité des agences.

HDA

Hosting of health data is regulated under French law and aimed at protecting the confidentiality, integrity and availability of patients’ data. Such hosting activity can only be implemented by a hosting service provider (“HSP”) previously approved by the French Ministry of Health's Shared Healthcare Information Systems Agency (ASIP) via a Health Data Agreement (HDA).

HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) sets the standard for protecting sensitive patient data. Any company that deals with protected health information (PHI) must ensure that all the required physical, network, and process security measures are in place and followed. This includes: covered entities (CE); all treatment providers; healthcare payment and operations; business associates; personnel with access to patient information to provide support in treatment, payment or operations. Subcontractors and business associates must also follow HIPAA compliance.

ISO 14001

ISO 14001 dont la version la plus récente est ISO 1400:2015, précise les exigences d'un système de gestion environnementale que l'organisation peut utiliser pour améliorer sa performance environnementale de manière systématique, et qui contribue à la durabilité, le pilier des critères de protection de l'environnement.

ISO 22301

An international standard for Business Continuity Management (BCM), ISO 22301 replaces British standard (BS) 25999. It specifies requirements to plan, establish, implement, operate, monitor, review, maintain and continually improve a documented management system to prepare for, respond to and recover from disruptive events such as natural disasters, environmental accidents, technology mishaps and man-made crises.

ISO 27001

Un cadre des meilleures pratiques reconnu à l'international qui précise les exigences en matière de mise sur pied, de mise en œuvre, d'entretien et d'amélioration continue d'un système de gestion de la sécurité de l'information (SGSI). Le SGSI est une approche systématique de gestion des données sensibles de l'entreprise dont celles relatives aux personnes, processus et systèmes informatiques.

ISO 50001

ISO 50001, la plus récente version d'ISO 50001:2011, précise les exigences relatives à l'établissement, à la mise en œuvre, à l'entretien et à l'amélioration d'un système de gestion de l'énergie dont l'objectif est de permettre à une organisation de suivre une approche systématique pour améliorer continuellement sa performance énergétique, y compris du point de vue de l'efficacité, de l'utilisation et de la consommation. Quoique conçu pour être utilisé indépendamment, il peut être aligné sur d'autres systèmes de gestion ou y être intégré.

ISO 9001

ISO 9001 is a certified quality management system (QMS) for organizations who want to demonstrate their ability to consistently provide products and services that meet the needs of their customers and other relevant stakeholders.

NIST 800-53/FI

NIST 800-53 is published by the National Institute of Standards and Technology, which creates and promotes the standards used by federal agencies to implement the Federal Information Security Management Act (FISMA) and manage other programs designed to protect information and promote information security. Agencies are expected to meet NIST guidelines and standards within one year of publication. National security is not included in these standards.

OHSAS 18001

OHSAS 18001, also referred to as ISO 18001, is the internationally accepted and recognized management standard for occupational health and safety. The standard is used as a method of assessing and auditing occupational health and safety management systems.

OSPAR

The Outsourced Service Provider's Audit Report (OSPAR) is a report crafted by the Association of Banks in Singapore (ABS) to help financial institutions ensure that outsourced service providers have controls to fulfil the Monetary Authority of Singapore’s (MAS) Technology Risk Management and Outsourcing guidelines.

PCI DSS

The PCI Security Standards Council offers comprehensive standards and supporting materials to enhance data security for payment cards. They include a framework of specifications, tools, measurements and support resources to help organizations ensure the safe handling of cardholder information at every step. The keystone is the PCI Data Security Standard (PCI DSS), which provides an actionable framework for developing a robust payment card data security process, including prevention, detection and appropriate reaction to security incidents.

SOC 1 Type II

SOC1 is an American Institute of Certified Public Accountants (AICPA) report used to document controls relevant to an organization’s Internal Controls over Financial Reporting (ICFR). The report focuses on an organization's services provided, along with supporting processes, policies, procedures, personnel and operational activities that constitute the core activities relevant to users. The auditing standards for an SOC1 report include SSAE 18 and ISAE 3402.

SOC 2 Type II

A standard designed for technology companies, including: data centers, IT managed services, SaaS vendors, cloud-computing based businesses and other technology. SOC2 criteria is based on the Trust Services Principles (TSP) of security, availability, processing integrity, confidentiality and privacy as well as controls outside of financial reporting.

SS 564

SS 564 aide les entreprises basées à Singapour à mettre en place des systèmes et des processus visant à améliorer l'efficacité énergétique de leurs datacentres. S'inspirant du système de certification mondial ISO 50001 cette norme présente un cadre détaillé en matière de gestion de l'environnement et de l'énergie dans les datacentres, spécialement élaboré pour Singapour.

SS507

Singapore Standard for Information and Communications Technology Disaster Recovery Services (SS507) specifies requirements for the ICT DR services. These include both those provided in-house and outsourced and covers facilities and services capability and provides fallback and recovery support to an organization’s ICT systems. It includes the implementation, testing and execution aspects of disaster recovery but does not include other aspects of business continuity management.

TSI

​Trusted Site Infrastructure, développé à partir de TÜV-IT est un catalogue d'exigences sur dix domaines différents d'un datacentre dont l'environnement, la construction, la gestion des incendies, la sécurité, le câblage, l'énergie, l'air, l'organisation et la documentation.

TVRA

The Threat and Vulnerability Risk Assessment (TVRA) is a set of requirements issued by the MAS for all Singapore-based financial institutions with overseas physical presences. It is mandated as a control in the OSPAR and MAS documents. Its standard reference is the Singaporean Ministry of Home Affairs’ Guidelines for Enhancing Building Security in Singapore (GEBSS).

UpTime Institute

​As an independent advisory organization, Uptime Institute is focused on improving the performance, efficiency, and reliability of the business critical infrastructure that underlies today’s global information economy. Uptime Institute is recognized worldwide for the creation and administration of the Tier Standards & Certifications for Data Center Design, Construction (Facility) and Operational Sustainability.

americas

Atlanta

Washington DC

Chicago

Denver

Denver

Washington DC

Atlanta


americas

Atlanta

Washington DC

Chicago

Denver

Denver

Washington DC

Atlanta

SH1

  • ISO 27001
  • SOC 1 Type ii
  • SOC 2 Type ii

SH1

  • ISO 27001
  • SOC 1 Type ii
  • SOC 2 Type ii

SH1

  • ISO 27001
  • SOC 1 Type ii
  • SOC 2 Type ii