Our Compliance Certifications
Arkose Labs currently holds Certificates of Registration for ISO/IEC 27001:2013 and ISO/IEC 27701:2019 as well as Certificates of Conformity for ISO/IEC 27002:2013 and ISO/IEC 27018:2019.
ISO/IEC 27001:2013
Specifies the requirements for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS) within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization.
ISO/IEC 27002:2013
It is an extension of ISO/IEC 27001:2013 that provides guidelines for organizational information security standards and information security management practices, including the selection, implementation and management of controls, taking into consideration the organization's information security risk environment.
ISO/IEC 27018:2019
Adds new guidelines, enhancements, and security controls to the ISO/IEC 27001 and ISO/IEC 27002 standards, which help cloud service providers better manage the data security risks unique to Personally Identifiable Information (PII) in cloud computing.
ISO/IEC 27701:2019
Specifies requirements and provides guidance for establishing, implementing, maintaining and continually improving a Privacy Information Management System (PIMS) as an extension to ISO/IEC 27001 and ISO/IEC 27002.
The American Institute of Certified Public Accountants (AICPA) has developed the SOC for Service Organizations reporting standards. Meeting SOC requirements is an indication that Arkose Labs has the necessary controls in place to ensure our customers’ valuable data is protected on an ongoing basis.
SOC 1® Type 2
SOC 1 is an audit report that focuses on a description of a service organization's controls and the suitability of how those controls are designed to achieve the control objectives over a specific period of time.
SOC 2® Type 2
SOC 2 addresses a service organization's controls that relate to operations and compliance, as outlined by the AICPA Trust Services criteria in relation to availability, security, processing integrity, confidentiality and privacy.
Data Privacy Regulations
GDPR
General Data Protection Regulation (GDPR) is a regulation on data protection and privacy in the European Union (EU) and the European Economic Area (EEA). It imposes obligations on organizations worldwide that target or collect personal data from residents of the European Union, and provides those residents with a number of rights and protections with respect to data ownership and privacy.
CCPA
California Consumer Privacy Act (CCPA) is a regulation on data protection and privacy passed into California state law that provides residents with a number of rights and privacy protections similar to GDPR. Some of these rights and protections include the right to know what personal information is being collected, how it is used and shared, how to request its deletion, and more.
Certified WCAG 2.2 AA
The Web Content Accessibility Guidelines (WCAG) is a standard created by the W3C to help ensure that web content is accessible to all users. It is the most common standard used for web accessibility and covers a wide gamut of requirements, both visual and technical.