Editor’s Note: This story was originally published on July 26, 2024. We updated it on Aug. 26, 2024, to include additional information.
Mersive Technologies has achieved certification to ISO/IEC 27001:2022, an internationally recognized standard of requirements for an Information Security Management System (ISMS). In August, the company also achieved SOC 2 Type I and II Security Attestation.
Per a statement, the independent assessment was performed by BARR Certifications. BARR Certifications is an ANAB-accredited auditing firm that serves as a trusted advisor to cloud-based and hybrid organizations around the world aiming to build trust and resilience through cybersecurity compliance.
ISO/IEC 27001:2022 Certification
To obtain this gold standard in certification, a company must clearly demonstrate an ongoing, structured approach to data management, the statement notes.
“Given the ever-increasing importance of data security in today’s interconnected world, this [certification] is a major milestone for Mersive Technologies,” says Alan Young, chief product officer and chief information security officer for Mersive. “It cements our unwavering commitment to securing and protecting the data of our valued customers. We hope this certification inspires confidence and assures our customers and partners that we view data security as a top priority.”
SOC 2 Certification
A SOC 2 report is designed to meet the needs of existing or potential customers who need assurance about the effectiveness of controls used by the service organization to process customers’ information. A SOC 3 report is similar in scope but is shorter and allows for more general distribution.
The following principles and related criteria have been developed by the American Institute of CPAs (AICPA) for use by practitioners in the performance of trust services engagements:
- Security: The system is protected against unauthorized access (both physical and logical).
- Availability: The system is available for operation and use as committed or agreed.
- Processing Integrity: System processing is complete, valid, accurate, timely, and authorized to meet the entity’s objectives.
- Confidentiality: Information designated as confidential is protected as committed or agreed.
- Privacy: Personal information is collected, used, retained, disclosed, and disposed of to meet the entity’s objectives.
HIPAA Security Rule Requirements: The system is compliant with the applicable HIPAA Security Rule requirements set forth in the U.S. Department of Health and Human Services’ (HHS) Health Information Portability and Accountability Act.
Based on one or more of these criteria, SOC 2 reports provide valuable information that existing and potential customers of the service organization need to assess and address the risks associated with an outsourced service.
SOC 3 reports are public-facing reports for general use that communicate that an organization’s controls are properly designed, implemented and operating effectively. To obtain a copy of Mersive’s SOC 2 or SOC 3 reports, contact [email protected].