We’re committed to protecting you!
ISO/IEC 27001:2013
ISO/IEC 27001:2013 is an international standard for the ISMS code of practice, and Ilantus is certified for the internationally recognized ISO/IEC 27001 framework. The certification shows that Ilantus can manage and protect information assets. The standard ensures that IPs remain safe and secure. It keeps confidential information and the exchange of information secure. It helps comply with other regulations like SOX, ISO/IEC 27017:2015, etc.
What security measures does it ensure?
It provides a competitive advantage and enhanced customer satisfaction that improves client retention. It ensures consistency in the delivery of service or product. It manages and minimizes risk exposure. It builds a culture of security and protects the company assets and shareholders. Business continuity planning and physical security may be managed quite independently of IT or information security.
What is the frequency of audit in our organization?
Internally, we evaluate the code of practice every quarter. We also conduct yearly surveillance and recertification audits.
Who conducts the audit?
The certification body of ANSI National Accreditation Board, DQS, performs the surveillance and recertification audits.
Who is included in our key audience?
Internal stakeholders as defined in the scope and customers as per the business needs.
ISO/IEC 27017:2015
The ISO/IEC 27017:2015 is an international standard of the ISMS code of practice which provides guidance for cloud service information security controls when implementing a cloud computing information security management system based on ISO/IEC 27001 for cloud services. This international standard provides additional cloud-specific implementation guidance based on ISO/IEC 27001.
What security measures does it ensure?
The standard provides guidance on:
- Shared roles and responsibilities within a cloud computing environment.
- Removal and return of cloud service customer assets upon contract termination.
- Protection and separation of a customer’s virtual environment from that of other customers.
- Virtual machine hardening requirements to meet business needs.
- Procedures for administrative operations of a cloud computing environment.
- Enabling customers to monitor relevant activities within a cloud computing environment.
- The alignment of security management for virtual and physical networks.
What is the frequency of audit in our organization?
Internally, we evaluate the code of practice every quarter. We also conduct yearly surveillance and recertification audits.
Who conducts the audit?
The certification body of ANSI National Accreditation Board, DQS, performs the surveillance and recertification audits.
Who is included in our key audience?
Internal stakeholders as defined in the scope and customers as per the business needs.
ISO/IEC 27018:2014
ISO/IEC 27018:2014 is an international standard of the ISMS code of practice for the protection of personally identifiable information (PII) in public clouds acting as PII processors, to increase the level of protection of personal data in the cloud.
What security measures does it ensure?
The standard ensures the rights of the customer to access and delete the data. It provides guidelines to process customer data only for the required purpose and not use it for any marketing or sales activities. It also covers:
- The deletion of temporary files.
- Notification to the customer in case a request for data disclosure is made.
- Recording all the disclosures of personal data.
- Disclosing the information about all the sub-contractors used for processing personal data.
- Notification to the customer in case of a data breach.
- Document management for cloud policies and procedures.
- Policy for return, transfer, and disposal of personal data.
- Confidentiality agreements for individuals who can access personal data.
- Restriction of printing personal data.
- Procedure for data restoration.
- Authorization for taking the physical media off-site.
- Restriction of usage of media that does not have encryption capability.
- Encrypting data that is transmitted over public networks.
- Destruction of printed media with personal data.
- Usage of unique IDs for cloud customers.
- Records of user access to the cloud.
What is the frequency of audit in our organization?
Internally, we evaluate the code of practice every quarter. We also conduct yearly surveillance and recertification audits.
Who conducts the audit?
The certification body of ANSI National Accreditation Board, DQS, performs the surveillance and recertification audits.
Who is included in our key audience?
Internal stakeholders as defined in the scope and customers as per the business needs.
SOC 2 Type II
SOC 2 engagements are based on the AICPA’s Trust Services Criteria. SOC 2 service auditor reports focus on a service organization’s non-financial reporting controls as they relate to security, availability, confidentiality, and privacy of a system.
We have completed our SOC 2 Type II audit with a licensed CPA firm. Ilantus has selected the Security, Confidentiality, Availability and Privacy categories as the basis of its audit.
- Common Criteria Security: The system is protected both logically and physically against unauthorized access.
- Availability: The system is available for operation and use as committed or agreed to.
- Confidentiality: Information that is designated ‘confidential’ is protected as committed or agreed.
- Privacy: Personal information is collected, used, retained, and disclosed in conformity with the commitments in the entity’s privacy notice and with the privacy principles put forth by the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Public Accountants (CICA).
What is the frequency of audit in our organization?
Internally, we evaluate the code of practice every quarter. We also conduct yearly surveillance and recertification audits.
Who conducts the audit?
A certified CPA (Certified Public Accountant) conducts the audits.
Who is included in our key audience?
Internal stakeholders as defined in the scope and customers as per the business needs.