ISO/IEC 27001, published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), is a specification for an information security management system (ISMS): a framework for an organization’s information risk management processes and security controls across 14 domains.
MATRIXX has achieved ISO 27001:2013 certification and will ensure continued compliance. Audits are carried out by an independent certified third party. Upon request, MATRIXX can provide the certificates to customers.
Security SOC 2 — SSAE 18 (ISAE 3402) Type II
Statement on Standards for Attestation Engagements No. 18 (SSAE 18) supersedes ISAE 3402 and is a generally accepted standard for auditing, published by the American Institute of Certified Public Accountants (AICPA). The SSAE 18 standards apply to Systems and Organizational Control (SOC) reports.
MATRIXX complies with SSAE 18 AICPA Trust Principles for Security, Confidentiality and Availability (and, where in scope, Privacy and Processing Integrity), and undergoes an audit each year for the purposes of examining the relevant controls. These audits are performed by an independent, certified third party and the resulting reports are provided to our customers upon request.
The SOC 2 report demonstrates controls in place to meet the AICPA’s SOC 2 Trust Services Criteria (TSC) for the following principles:
Privacy: personal information is collected, used, retained, disclosed and disposed of in conformity with the commitments in MATRIXX’s privacy notice and with criteria set forth in the Generally Accepted Privacy Principles issued by the AICPA
Confidentiality: information that is designated “confidential” is protected according to policy or agreement
Security: the system is protected against unauthorized access, both physical and logical
Availability: the system is available for operation and use in accordance with MATRIXX’s commitments
Processing Integrity: system processing is complete, accurate and authorized