Emarsys has undergone a comprehensive third-party assessment of its data security risks, including all the processes for managing information security. Emarsys has met the requirements for:
- ISO 27001:2013 (International Standard for Information Security Management)
- ISO 27018:2014 (Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors)
- SOC 2 (Service Organization Control 2)
These certifications should inspire confidence in our customers, as they demonstrate our commitment to protecting their valuable information assets and show that their data is safe in our hands.
As part of these certifications, Emarsys is regularly audited to ensure that these international standards are continuously met and adhered to, ensuring peace of mind for our customers. A copy of our certificates is available on demand from Emarsys Support.
Our security measures also regularly undergo an independent assessment by a recognized third party in the form of a SOC 2 Type II report.
What is ISO 27001?
ISO 27001 is an internationally-recognized standard defining how corporate information security should be organized and is the foundation of all information security management.
ISO 27001 describes itself as specifying the requirements for "establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within the context of the organization’s overall business risks."
Certification is performed by an independent body which will only issue a certificate of compliance when all the relevant requirements are met. Being certified as ISO 27001 compliant reassures partners and customers that Emarsys meets the very highest standards of security, as laid out by the governing body.
You can read more about ISO 27001 at: http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=42103.
What is ISO 27018?
ISO 27018 is an addition to ISO 27001. It covers the supplementary requirements relevant to cloud providers dealing with personal data.
What is SOC 2 Type II?
SOC 2 concerns the internal controls in place at the third-party service organization. For a company to receive SOC 2 certification, it must have sufficient policies and strategies that satisfactorily protect its clients' data.
Type II reports (as opposed to Type I, where only the design of controls is reported on) also verify the effectiveness of those controls.