Skip to main content
Version: latest

Certification of Compliance

ISO 27001

ISO 27001 logo

The International Organization for Standardization 27001 Standard (ISO 27001) is one of the leading international standards focused on information security. Spectro Cloud has obtained the ISO 27001 Certification and undergoes periodic audits to maintain this certification. ISO 27001 Certification provides assurances that Spectro Cloud is identifying and managing risks effectively, consistently, and measurably.

Below are some reasons why an ISO 27001 Certification is important:

  • Customer trust and confidence: Clients and partners often look for assurances that their sensitive information is handled securely. Achieving ISO 27001 certification can enhance customer trust and confidence, potentially leading to increased business opportunities.

  • Risk Management: By implementing ISO controls and measures, companies can mitigate these risks, protecting sensitive data from unauthorized access or disclosure.

  • Legal and regulatory compliance: Adhering to ISO 27001 demonstrates a commitment to information security, which can help organizations comply with various legal and regulatory requirements related to data protection and privacy.

  • Global recognition: ISO 27001 is globally recognized. This helps organizations communicate their commitment to information security across borders.

SOC 2 Type II

soc2.webp

The American Institute of Certified Public Accountants (AICPA) Service Organization Controls (SOC) Attestation provides assurances over control environments. Spectro Cloud’s SOC 2 Type II audit report provides assurances of our organization’s security and availability.

  • SOC 2 audits are an important component in regulatory oversight, vendor management programs, internal governance, and risk management.

  • These reports help our users and their auditors understand the controls established at Spectro Cloud to support operations and compliance.

  • Spectro Cloud’s SOC 2 Type II report is available upon request for any customers or prospects with a signed non-disclosure agreement in place.

FIPS 140-2

FIPS-Compliance

Spectro Cloud is validated against FIPS 140-2 with Certificate number 4349 in compliance with the Cryptographic Module Validation Program (CMVP).

Our Spectro Cloud Cryptographic Module is a general-purpose cryptographic library. The FIPS-enforced Palette VerteX edition incorporates the module in the Kubernetes Management Platform and the infrastructure components of target clusters to protect the sensitive information of regulated industries. Palette VerteX supports FIPS at the tenant level. For more information about the FIPS-enforced Palette edition, check out Palette VerteX.

The module is tested against these configurations:

  • Red Hat Enterprise Linux 8 on Dell PowerEdge R440 with Intel Xeon Silver 4214R with and without PAA
  • SUSE Linux Enterprise Server 15 on Dell PowerEdge R450 with Intel Xeon Silver 4309Y with and without PAA
  • Ubuntu 18.04 on Dell PowerEdge R450 with Intel Xeon Silver 4309Y with and without PAA
  • Ubuntu 20.04 on Dell PowerEdge R450 with Intel Xeon Silver 4309Y with and without PAA