
Sophos receives its initial certification in ISO 27001


We’re pleased to report that Sophos has attained ISO 27001:2022 certification for the first time! ISO 27001:2022 is the leading international standard for information security, and our certification reassures customers and business partners that Sophos is serious about data security.

What is ISO 27001:2022, and who is it for?

ISO 27001:2022 is the accepted global standard for information security. Its objective is to assure customers that a company has successfully incorporated information security, data privacy, and continual improvement into its day-to-day operations.

Although many information security certifications exist, ISO 27001 is the most widely used. It also serves as the foundation for a number of other certifications, allowing Sophos to further develop its portfolio of information security credentials.

Our SOC2 audit program is expanding.

But hold on, there’s more! To continue reassuring our customers, Sophos has added two new Trust Criteria Principles, Availability and Confidentiality, to our SOC 2 scope. Our SOC 2 Type 2 report now covers:

  • Security: Protects systems and information from unauthorized use, disclosure, disruption, modification, and destruction.
  • Availability: Reduces downtime and disruptions by ensuring systems are reliable and accessible when needed.
  • Confidentiality: Protects sensitive information by preventing unauthorized access or disclosure.
  • Privacy: Demonstrates our commitment to safeguarding the privacy of individuals’ data in accordance with relevant laws.

These Trust Criteria Principles focus on the safeguards in place to protect Sophos customer data, ensure that it is handled properly, and guarantee customers’ access to high-quality data.

A SOC 2 audit must be conducted by a certified CPA firm or an organization approved by the American Institute of Certified Public Accountants (AICPA). Sophos used Coalfire, a certified external assessor.

Sophos achieves PCI DSS 4.0

The Payment Card Industry Data Security Standard (PCI DSS) gives customers confidence that a company can securely store or transmit credit card information. We are happy to announce that Sophos Managed Detection and Response (MDR) has achieved PCI DSS version 4.0.

PCI DSS 4.0 was released in March 2022. This updated version adds controls that require organizations to demonstrate upgraded access controls and security measures. The previous version, PCI DSS 3.2.1, remains in effect until March 2024.

Reports on the Sophos audit

Our values remain at the forefront of our dedication to fostering customer trust. Together with our committed focus on security, we strive to deliver products that adhere to the strictest standards for protecting sensitive information.

All Sophos audit reports and certifications may be made available to customers under a non-disclosure agreement (NDA). Visit the Sophos Trust Center for more information and to request a copy.
