Cloud Security Alliance (CSA) Security Trust, Assurance and Risk (STAR) is the industry’s most powerful program for security assurance in the cloud. Acronis is listed as a Trusted Cloud Provider since May 2020.

NEN 7510 is the official Dutch standard for setting up and implementing information security management systems for organizations working with patients’ data in the health care industry. The standard became mandatory for health care organizations in the Netherlands in 2018, offering further interpretation and accountability of the General Data Protection Regulation (GDPR).

NEN 7510 is based on ISO 27001:2013; however, it introduces three additional controls and some specific compliance measures that supplement the ISO standard.

Introduced by the French governmental agency for health, “L’Agence du Numérique en Santé” (ASIP Santé), the HDS certification aims to strengthen the security and protection of personal health data.

The Cloud Italia qualification process, managed by ACN, Agenzia Cybersicurezza Nazionale (National Cybersecurity Agency), plays a vital role in ensuring the security and reliability of cloud services offered to Italy’s public sector. Aligned with the NIS 2 Directive, it imposes stringent criteria on providers, including compliance with data protection regulations and cybersecurity standards. By meeting these requirements, providers contribute to the resilience of critical digital infrastructure and services. The qualification process fosters trust in cloud solutions, facilitating their adoption across government agencies and organizations.

The Esquema Nacional de Seguridad (ENS) is a cybersecurity framework established by the Spanish government to ensure the protection of sensitive information and critical infrastructure within public administrations. It defines a set of security measures and guidelines that organizations must adhere to in order to mitigate cyberthreats and safeguard data. ENS certification is required for public administrations’ suppliers to demonstrate their compliance with established security standards and ensure the integrity, confidentiality, availability, authenticity and traceability of information systems.

Cyber Essentials is a government-backed scheme that is applicable to organizations operating in the United Kingdom. It includes a set of basic technical controls which organizations have to implement to protect themselves against common online security threats.

The Information Security Registered Assessors Program (IRAP) enables Australian Government customers to validate that appropriate controls of cloud services are in place and determine the appropriate responsibility model for addressing the requirements of the Australian Government Information Security Manual (ISM) produced by the Australian Cyber Security Centre (ACSC). Protecting data from unauthorized access or unauthorized disclosure is a must when procuring and leveraging cloud services. The IRAP assessment report is a proof that the service can be trusted.

The General Data Protection Regulation (GDPR) is a new European privacy law, due to come into force on May 25, 2018, which protects European Union (EU) citizens' right to privacy. It introduces robust requirements that will raise standards of data protection, security and compliance. The GDPR will replace the current EU Data Protection Directive and aims to harmonize data protection laws across the EU.

Personally identifiable information (PII) is any data that can be used to identify a specific individual. Phone number, email address, passport/ID number and even digital images are included. The GDPR gives people greater control over their PII, while imposing strict obligations on organizations that collect, process or analyse personal data. It also imposes heavy fines for non-compliance and data breaches

The Health Insurance Portability and Accountability Act (HIPAA) sets the standard for protecting confidential patient data. Companies that handle protected health information (PHI) must have physical, network and process security measures in place and follow them to ensure HIPAA compliance. Covered entities (anyone who provides treatment, payment and operations in the healthcare field) and business associates (anyone who has access to patient information and provides support in treatment, payment or operations) must comply with HIPAA compliance.

ISO/IEC 27701:2019 is a data privacy extension of ISO 27001. This recently published information security standard provides guidance for organisations looking to implement systems to support compliance with the GDPR and other data privacy requirements. ISO 27701, also abbreviated as PIMS (Privacy Information Management System), describes a framework for Controllers of Personally Identifiable Information (PII) and Processors of PII to manage data privacy.

Article 42 of the GDPR discusses data protection certification mechanisms and data protection seals and marks. No such mechanisms exist yet. However, it is possible to obtain independently accredited certification to ISO 27001 and ISO 27701 by implementing their controls - which will demonstrate to all interested parties that Zadara - and therefore your organisation - is following international best practice when it comes to protecting personal data/PII.
The aim of this standard is to provide organisations with a practical framework with which they can extend their existing ISMS (Information Security Management System) to become a PIMS (Privacy Information Management System).

Defining ISO27018 ISO 27018 establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect personally identifiable information (PII) in the public cloud computing environment. It takes into account regulatory requirements for the protection of PII that may be applicable in the context of a public cloud service provider's information security risk environment(s).

Defining ISO27017 ISO/IEC 27017:2015 provides guidelines for information security controls applicable to the provision and use of cloud services, providing additional controls with implementation guidance that relate specifically to cloud services.

This International Standard provides controls and implementation guidance for cloud service providers and cloud service customers..

Defining ISO 27001
ISO 27001 (formally known as ISO/IEC 27001:2005) is a specification for information security management. It is a framework of policies and procedures that includes all the legal, physical and technical controls involved in an organization's information risk management processes.

As a formal specification, ISO 27001 requires specific requirements. Organizations that claim to have adopted ISO 27001 can therefore be formally audited and certified in accordance with the standard.

ISO 27001 was developed to "provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an information security management system".

ISO 27001 is the de facto international standard for Information Security Management.

The Service Organization Controls (SOC) are a set of standards designed to measure the ability of a given service organization to control its information in its service environments (for example, the clouds it manages). SOC 1 compliance concerns the internal controls of an advanced IT services organization. A company achieves SOC 1 compliance by having sufficient policies and strategies in place to protect customer data.

About SOC 2
Although many companies understand the benefits of migrating basic functions, such as data storage, to the cloud, some companies are still hesitant due to security concerns. SOC 2 compliance gives companies the confidence and peace of mind of knowing that their data is protected and highly available.

Defining SOC
Service Organization Controls (SOC) are a set of standards designed to measure a given service organization's ability to control its information in its service environments (for example, the clouds it manages). SOC 1 compliance concerns the internal controls of an advanced IT services organization. A company achieves SOC 1 compliance by having sufficient policies and strategies in place to protect customer data.

About SOC 1
The SOC 1 report focuses on a service organization's controls that are relevant to an audit of a service organization's client financial statements. The control objectives relate to the business and information technology processes implemented by Zadara to protect the financial information stored on the Zadara platform. The SOC 1 Type II report includes a description of the controls in the Zadara clouds, as well as an opinion on the operating effectiveness of these controls over a period of time.