Noname Security is proud to share that we have recently completed four key security and compliance milestones, demonstrating our commitment to security of our environments and our customer data.
We have expanded on last year’s set of controls to cover the Trust Services Criteria covering Security, Confidentiality, and Integrity in this year’s American Institute of Certified Public Accountants (AICPA) Service Organization Control (SOC) 2 Type 2 audit. SOC 2 is the most common information security attestation and considered the gold standard for US companies. This year’s audit was performed by one of the most trustworthy auditors in the industry, Schellman & Company, LLC.
Noname Security has also achieved the prestigious Cloud Security Alliance (CSA) STAR Level 2 attestation using the new Cloud Controls Matrix (CCM) Version 4.0.3 control specifications (CCM Criteria). CCM Version 4.0.3. covers a significantly more set of security controls than last year’s version. CSA is the industry standard for cloud security, and Noname Security has successfully met all of the CCM Criteria. You can find our CSA Level 1 and Level 2 status on the CSA Star Registry page at https://cloudsecurityalliance.org/star/registry/noname-security.
Noname Security has undergone an attestation validating that our information security program conforms to the applicable implementation specifications within the Health Insurance Portability and Accountability Act (HIPAA) Security Rule and the Health Information Technology for Economic and Clinical Health (HITECH) breach notification requirements, as described in HIPAA Part 164 of CFR 45, as of July 31, 2022. The testing procedures were performed based on the Office for Civil Rights (OCR) established audit inquiry procedures, as applicable, and as defined within the Office of Civil Rights (OCR) audit protocol updated as of April 2016.
This examination provides additional assurance to Noname Security healthcare customers that we will appropriately safeguard protected health information.
Noname Security has designed a platform to protect APIs trafficking in sensitive cardholder data, and without exposing our customers to additional PCI risk. We have validated that our platform does not possess or process what the Payment Card Industry Security Standards Council (PCI Council) defines as cardholder data. Additionally, we have also completed an annual PCI Data Security Standard (DSS) Attestation of Compliance (AOC). This AOC was completed against the current PCI DSS version 3.2.1 which the PCI Council will maintain through March 2024, and we plan to attest against the new PCI DSS 4.0 version for our 2023 AOC.
Please contact firstname.lastname@example.org for more information about Noname Security compliance and attestations. Existing customers can access these materials on our documentation section of the Noname platform.