Industry Certifications

ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. The requirements set out in ISO/IEC 27001:2013 are generic and are intended to be applicable to all organizations, regardless of type, size or nature.

• Certificate Expiration Date: August 24, 2023

ISO/IEC 27701:2019 specifies requirements and provides guidance for establishing, implementing, maintaining, and continually improving a Privacy Information Management System (PIMS) in the form of an extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy management within the context of the organization.

• Certificate Expiration Date: April 28, 2024

The American Institute of Certified Public Accountants (AICPA) System and Organizational Controls (SOC) for Service Organizations reports are designed to help service organizations that provide services to other entities, build trust and confidence in the service performed and controls related to the services through a report by an independent CPA. Each type of SOC for Service Organizations report is designed to help service organizations meet specific user needs.

BeyondTrust SOC Reports are based on independent third-party assessor examinations. The resulting reports demonstrate how BeyondTrust achieves key compliance controls and objectives. The purpose of these reports is to help customers and auditors understand the BeyondTrust controls established to support operations and compliance.

• SOC II Type 2: Certified for SRA, PM Cloud, PS Cloud
  
• SOC II Type 1: Certified for CPB

The EU-U.S. and Swiss-U.S. Privacy Shield Frameworks were designed by the U.S. Department of Commerce and the European Commission and Swiss Administration to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce.

• E.U.–U.S. Privacy Shield Expiration Date: September 16, 2023
• Swiss–U.S. Privacy Shield Expiration Date: September 16, 2023

FIPS 140-2 standard is specific to security requirements for a cryptographic module used within a security system, and is published by the U.S. National Institute of Standards and Technologies (NIST). FIPS 140-2 was the main input document for developing ISO/IEC 19790, and is recognized worldwide as an important benchmark for third-party validations of encryption products of all kinds.

• BeyondTrust Remote Support Certification Date: April 2021

The PCI Security Standards Council (PCI SSC), representing financial institutions, merchants, processor companies, software developers, and point-of-sale vendors, developed PCI DSS in 2004 to safeguard credit card and cardholder data against breach and other forms of unauthorized access.

To process, store, or transmit credit card data, merchants and payment or internet service providers must be PCI compliant. Otherwise, they face strict penalties including fines and possible loss of credit card privileges.

Level 4 applies to merchants that process fewer than 20,000 Visa or Mastercard e-commerce transactions per year or up to 1 million total Visa or Mastercard credit card transactions and that have not suffered a data breach or attack that compromised card or cardholder data.

• PCI/DSS Level 4 Expiration Date: June 30, 2023

The Common Criteria for Information Technology Security Evaluation (referred to as Common Criteria or CC) is an international standard (ISO/IEC 15408) for computer security certification.

• Common Criteria Protection Profile for Enterprise Security Management Certificate Date: June 2018