Certification of Compliance
ISO 27001:2022
The International Organization for Standardization 27001 Standard (ISO 27001) is one of the leading international standards focused on information security. Spectro Cloud has obtained the ISO 27001:2022 Certification and undergoes periodic audits to maintain this certification. ISO 27001:2022 Certification provides assurances that Spectro Cloud is identifying and managing risks effectively, consistently, and measurably.
Below are some reasons why an ISO 27001:2022 Certification is important:
-
Customer trust and confidence: Clients and partners often look for assurances that their sensitive information is handled securely. Achieving ISO 27001:2022 certification can enhance customer trust and confidence, potentially leading to increased business opportunities.
-
Risk Management: By implementing ISO controls and measures, companies can mitigate these risks, protecting sensitive data from unauthorized access or disclosure.
-
Legal and regulatory compliance: Adhering to ISO 27001:2022 demonstrates a commitment to information security, which can help organizations comply with various legal and regulatory requirements related to data protection and privacy.
-
Global recognition: ISO 27001:2022 is globally recognized. This helps organizations communicate their commitment to information security across borders.
SOC 2 Type II
The American Institute of Certified Public Accountants (AICPA) Service Organization Controls (SOC) Attestation provides assurances over control environments. Spectro Cloud’s SOC 2 Type II audit report provides assurances of our organization’s security and availability.
-
SOC 2 audits are an important component in regulatory oversight, vendor management programs, internal governance, and risk management.
-
These reports help our users and their auditors understand the controls established at Spectro Cloud to support operations and compliance.
-
Spectro Cloud’s SOC 2 Type II report is available upon request for any customers or prospects with a signed non-disclosure agreement in place.
FIPS 140-3
Spectro Cloud is validated against FIPS 140-3 with Certificate number 5061 in compliance with the Cryptographic Module Validation Program (CMVP).
Our Spectro Cloud Cryptographic Module is a general-purpose cryptographic library. The FIPS-enforced Palette VerteX edition incorporates the module in the Kubernetes Management Platform and the infrastructure components of target clusters to protect the sensitive information of regulated industries. Palette VerteX supports FIPS at the tenant level. For more information about the FIPS-enforced Palette edition, check out Palette VerteX.
The module is tested against these configurations:
- Android 13 running on Google Pixel 4a with Qualcomm Snapdragon 730 32-bit and 64-bit with and without PAA
- Android 13 running on Google Pixel 4XL with Qualcomm Snapdragon 855 32-bit and 64-bit with and without PAA
- Android 13 running on Google Pixel 5a with Qualcomm Snapdragon 765 32-bit and 64-bit with and without PAA
- Android 13 running on Google Pixel 6 Pro with Google Tensor 32-bit and 64-bit with and without PAA
- Android 13 running on Google Pixel 7 Pro with Google Tensor G2 32-bit and 64-bit with and without PAA
- Debian Linux 5.17.11 (Rodete) running on n2d with AMD EPYC 7B12 with and without PAA
- Google Prodimage with Linux 4.15.0 running on n1 with Intel Xeon E5 2696 v4 with and without PAA
- Google Prodimage with Linux 4.15.0 running on Tau t2a with Ampere Altra with and without PAA
- Google Prodimage with Linux 5.10.120 running on IN762 with and without PAA
Joint Certification Program
We maintain certification under the Joint Certification Program, a program between Canada’s Department of National Defense and the U.S. Department of Defense, that helps to protect controlled Unclassified Military Critical Technical Data (MCTD) and technology from common adversaries. Our Joint Certification Program certification establishes the eligibility of Spectro Cloud, Inc., to receive technical data governed by the Technical Data Control Regulations (TCDR).