Arkose Labs Compliance Program

Security, privacy, and compliance are critical to Arkose Labs as customers rely on us to help secure their systems as a provider of a security solution in bankrupting the business model of fraud. Arkose Labs has a dedicated Information Security department responsible for responding to customer requirements regarding Arkose products, maintain compliance and security standards throughout the organization, ensure data privacy and validate company-wide security controls.

Our Compliance Certifications

Arkose Labs currently holds Certificates of Registration for ISO/IEC 27001:2013 and ISO/IEC 27701:2019 as well as Certificates of Conformity for ISO/IEC 27002:2013 and ISO/IEC 27018:2019.

ISO/IEC 27001:2013

Specifies the requirements for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS) within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization.

ISO/IEC 27002:2013

It is an extension of ISO/IEC 27001:2013 which provides guidelines for organizational information security standards and information security management practices including the selection, implementation and management of controls taking into consideration the organization's information security risk environment.

ISO/IEC 27018:2019

Adds new guidelines, enhancements, and security controls to the ISO/IEC 27001 and ISO/IEC 27002 standards, which help cloud service providers better manage the data security risks unique to Personally Identifiable Information (PII) in cloud computing.

ISO/IEC 27701:2019

Is mapped to specify requirements and provide guidance for establishing, implementing, maintaining and continually improving a Privacy Information Management System. (PIMS) as an extension to ISO/IEC 27001 and ISO/IEC 27002.

American Institute of Certified Public Accountants (AICPA) has developed SOC for Service Organizations’ reporting standards. Meeting SOC requirements is an indication that Arkose Labs has the necessary controls in place to ensure our customers’ valuable data is protected on an ongoing basis.

SOC 1® Type 2

SOC 1 is an audit report that focuses on a description of a service organization's control and the suitability of how those controls are designed to achieve the control objectives over a specific period of time.

SOC 2® Type 2

SOC 2 addresses a service organization's controls that relate to operations and compliance, as outlined by the AICPA Trust Services criteria in relation to availability, security, processing integrity, confidentiality and privacy.

Data Privacy Regulations

GDPR

General Data Protection Regulation (GDPR) is a regulation on data protection and privacy in the European Union (EU) and the European Economic Area (EEA). It imposes obligations onto organizations worldwide that target or collect personal data from residents of the European Union, and provides those residents with a number of rights and protections with respect to data ownership and privacy.

CCPA

California Consumer Privacy Act (CCPA) is a regulation on data protection and privacy passed into California state law that provides residents with a number of rights and privacy protections similar to GDPR. Some of these rights and protections include the right to know what personal information is being collected, how it is used and shared, how to request its deletion, and more.