Confirmation.com Further Illustrates its Commitment to Information Security by Achieving an ISO 27001 Certification
19 Feb 2013
Last Updated: 02/19/2013
NASHVILLE, TN – February 19, 2013 – Confirmation.com, the creator and the world’s leading provider of secure audit confirmation services, announced today that it has earned the prestigious ISO 27001 certification. This certification demonstrates the company’s longstanding commitment to security, operational excellence and its ability to handle client information in a highly secure manner.
ISO 27001 is the leading international security standard that was jointly produced by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) in 2005. The standard clearly defines the requirements for establishing, implementing, operating and maintaining a documented information security management system (ISMS).
The scope of Confirmation.com’s ISMS covers its online audit confirmation service and infrastructure, including data and data environments, servers, source code, and internal networks related to its Nashville, TN, and Delray Beach, FL, offices. It also covers the logical security and availability controls of Confirmation.com’s production servers located in Terremark’s Miami, FL, and Culpeper, VA, data center facilities.
“Many of our clients include global financial institutions and accounting firms that adhere to very rigorous security practices in order to protect their clients’ information, and rely on us as a service provider to adopt the same high-level standard,” said Chris Schellhorn, CEO of Confirmation.com. “We are thrilled to achieve an ISO 27001 certification because it’s the best way to assure our clients that Confirmation.com has implemented an ISMS to help protect their clients’ data and to help secure the information processed through our systems.”
To achieve this certification, companies must conform to the requirements of the ISO 27001 standard, which include performing a risk assessment on the scope of the ISMS and implementing controls relevant to mitigating the identified risk. Once issued, the certification is valid for three years and involves regular onsite inspections to ensure that conformance is being maintained.
“Since our service involves the transfer of confidential information between the auditor and the financial institution, our company undergoes security audits from many of these entities on a regular basis,” said Jim Hamilton, chief technology officer of Confirmation.com. “By successfully completing an ISO certification, it proves that our company is committed to the highest information security standards. With Confirmation.com’s global reach, this certification is definitely an added plus because it is highly respected and recognized among the international information technology industry.”
BrightLine CPAs & Associates, Inc., a global and accredited provider of assurance and compliance services, issued Confirmation.com’s ISO 27001 certification, which can be viewed here. The company also uses BrightLine for its Service Organization Control (SOC) 1, 2, and 3 examinations, which are performed every six months.