Sophos achieves inaugural ISO 27001:2022 certification – Sophos News

We’re proud to announce that Sophos has achieved our inaugural ISO 27001:2022 certification! ISO 27001:2022 is the premier global standard for information security, and our certification provides customers and partners with the assurance that Sophos takes information security seriously.

What is ISO 27001:2022? Who is it designed for?

ISO 27001:2022 is the globally accepted standard for information security. The purpose of the standard is to provide assurance to customers that an organization has effectively integrated information security, data privacy, and continuous improvement into its day-to-day operations.

While there are many information security certifications, ISO 27001 is the most internationally accepted certification. Additionally, ISO 27001 forms the bedrock of many other certifications, giving Sophos a foundation to further expand our suite of information security certifications.

Growing our SOC 2 audit program

But wait…there’s more! In our continued effort to provide assurance to our customers, Sophos has added two new Trust Criteria Principles to our SOC 2 scope: Availability and Confidentiality. Our SOC 2 Type 2 report now includes:

  • Security: Safeguards information and systems against unauthorized access, use, disclosure, disruption, modification, or destruction.
  • Availability: Ensures systems are resilient and accessible when needed, minimizing downtime and disruptions.
  • Confidentiality: Ensures the protection of sensitive information by preventing unauthorized access or disclosure.
  • Privacy: Demonstrates our commitment to protecting the privacy of individual data in accordance with applicable regulations.

These Trust Criteria Principles focus on what mechanisms are in place to protect Sophos customer information, ensure the information is handled appropriately, and provide assurance to customers that their information is highly available.

A SOC 2 audit must be performed by an authorized CPA firm, or an entity endorsed by the American Institute of Certified Public Accountants (AICPA). Sophos utilized Coalfire, an accredited external assessor.

Sophos has achieved PCI 4.0

The Payment Card Industry Data Security Standard, or PCI DSS, is a set of criteria that assures customers that an organization can securely store or transmit credit card information. We’re pleased to share that Sophos Managed Detection and Response (MDR) has achieved PCI DSS version 4.0.

PCI DSS 4.0 was released in March 2022 and has now come into effect. This revised version includes additional controls to confirm that organizations have implemented more sophisticated security measures and access controls. The previous version, PCI DSS 3.2.1, remains active until March 2024.

Sharing Sophos audit reports

Our commitment to fostering customer trust remains at the forefront of our values. Paired with our dedicated focus on security, we aim to deliver products that uphold the highest standards in safeguarding sensitive information.

All Sophos audit reports and certifications can be shared with Sophos customers under a non-disclosure agreement (NDA). For further details and to request a copy, visit the Sophos Trust Center.
