OUR CERTIFICATIONS

Sourcefit’s certifications reflect our commitment to the highest standards of security and client satisfaction.

We recognize the value of the data and information our clients share with us, and we take our responsibility to securely store and process those assets very seriously. To underscore our commitment to the highest standards of data protection, we have taken the necessary steps to earn the following certifications.

SOC 2 TYPE 1

Designed for service providers that store or process client data, a SOC 2 Type 1 certification means a company has the proper security measures in place to protect sensitive information. Sourcefit clients are assured that we are committed to safeguarding client data and maintaining a secure operating environment, and that we follow industry-recognized standards in fulfilling that commitment.

PCI DSS

Administered by the Payment Card Industry Security Standards Council (PCI SSC), the PCI Data Security Standard (DSS) applies to all entities that store, process, or transmit cardholder data and/or sensitive authentication data. It is a set of security requirements and best practices designed to protect sensitive cardholder data from breaches and fraud through strict measures such as encryption, access controls, and regular monitoring. This certification demonstrates Sourcefit’s strong commitment to securing credit card data and assures clients – especially those that handle payment information – that we are compliant with industry standards and maintain a secure and reliable business environment.

ISO 27001:2022 and ISO 27701:2019

In managing information security and data privacy, Sourcefit maintains an integrated Information Security Management System (ISMS) and Privacy Information Management System (PIMS). We are ISO 27001:2022 certified. ISO 27001 is the world’s best-known standard for an ISMS, and certification confirms that we have a system in place to manage risks related to the security of the data we own and handle, and that this system aligns with recognized best practices and principles.

We have also earned an ISO 27701:2019 certification, which applies to organizations that process large amounts of personally identifiable information (PII). This certification demonstrates that we have established the necessary controls to ensure that PII is properly handled, stored, and deleted in compliance with privacy laws. Our integrated approach to information security and data privacy reduces the risks associated with data breaches and regulatory non-compliance. Clients can be assured that we adhere to global standards in safeguarding business information and personal data.

HIPAA

As a HIPAA (Health Insurance Portability and Accountability Act) compliant organization, Sourcefit abides by the strict guidelines set under this U.S. law regarding the handling, storage, and transmission of patients’ medical data, ensuring its privacy and security. Clients in the healthcare industry, or those that handle sensitive data, are assured that we follow stringent protocols to protect health information and take all the necessary steps to minimize the risk of data breaches.

GDPR

Enacted by the European Union to protect the personal data of EU citizens, the GDPR (General Data Protection Regulation) sets strict guidelines for how organizations collect, store, and process personal data. Sourcefit is GDPR compliant, which gives our EU-based clients an additional layer of assurance that we have a keen understanding of, and are fully compliant with, our obligations as controllers and processors of personal data as set out in that regulation. This demonstrates our commitment to privacy and data protection, especially as our services involve large volumes of cross-border data transfers.