Author: Sriganesh Iyer
Tiger Analytics is among the most trusted AI and analytics partners of numerous Fortune 500 companies. This can be directly attributed to our commitment to security and privacy, along with delivering superlative work. Our certifications and attestations demonstrate that securely handling the data shared by our clients and stakeholders is our top priority.
At the beginning of our triumphant journey to achieve security goals, we focused on building a robust information security framework. In order to achieve this goal, we adopted ISO/IEC 27001:2013, which is the industry’s revered information security standard from the International Organization for Standardization and the International Electrotechnical Commission. After we implemented the necessary framework, requirements, and controls of the standard, we got ourselves certified by TÜV SÜD in 2017.
In the following years, we sustained our rigorous procedures whilst simultaneously improving our information security posture. Effectively managing Personally Identifiable Information was an important goal. In order to achieve this objective, we implemented and obtained the attestation for GDPR and HIPAA in 2019. The most recent addition to this list is the international standard for privacy information management, ISO 27701:2019, which is an extension of ISO 27001:2013. ISO 27701 has helped us define a strong foundation to manage all Personally Identifiable Information under our custody as Controller and Processor.
We undergo an annual evaluation of ISO 27001 and ISO 27701, which demonstrates our continued commitment to information security. We also undergo the SOC 2 Type II assessment, which is a rigorous inspection of information security controls from the standpoint of objective, effectiveness, and compliance.
– ISO/IEC 27001:2013
Specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization.
– ISO/IEC 27701:2019
It is a data privacy extension to ISO 27001. This provides guidance for organizations looking to put in place systems to support compliance with GDPR and other data privacy requirements.
– General Data Protection Regulation (EU) 2016/679 (GDPR)
It is a regulation in EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA).
– Health Insurance Portability and Accountability Act (HIPAA)
This sets the standard for sensitive patient data protection. Companies that deal with Protected Health Information (PHI) must have physical, network, and process security measures in place and follow them to ensure HIPAA Compliance.
– SSAE 18 SOC 2 Type II
This report focuses on the American Institute of Certified Public Accountants’ (AICPA) trust service principles. It examines a service provider’s internal controls and systems related to security, availability, processing integrity, confidentiality, and privacy of data.
All of these credentials make us a trusted partner to protect the security, confidentiality, integrity, and privacy of data handled in the course of our business. We also run various awareness initiatives to keep our employees updated on information security and privacy objectives and processes. Together with the above-mentioned credentials, these initiatives help keep information security an integral part of Tiger’s unique culture.