Skip to main content

Certifications and Frameworks

Certifications๐Ÿ“œ (you get audited, get a formal certificate, can show customers)

  1. SOC 2 Type II โ€“ US SaaS trust standard, very common in procurement.
  2. ISO/IEC 27001 โ€“ International information security management certification.
  3. ISO/IEC 27701 โ€“ Privacy management (pairs with ISO 27001).
  4. FedRAMP Moderate โ€“ Required if selling to US federal agencies (government cloud).
  5. CMMC Level 2 โ€“ Required for Department of Defense-related contracts.
  6. PCI DSS SAQ โ€“ Payment card security compliance (usually handled by payment processor, but you still attest).
  7. CSA STAR Certification โ€“ Cloud security certification recognized globally.

Frameworks & Compliance Standards ๐Ÿ“œ (best practices, often referenced in RFPs; you align to them)

  1. NIST Cybersecurity Framework (CSF) โ€“ US governmentโ€“favored baseline for managing cybersecurity risk.
  2. NIST SP 800-53 โ€“ More detailed control set for government contracts.
  3. State Privacy Laws Compliance โ€“ CCPA/CPRA (California)
  4. GDPR โ€“ EU privacy regulation (important if expanding internationally).
  5. CJIS Security Policy โ€“ If handling law-enforcement-related data for municipal utilities.
Back to top