As detailed in a previous blog post, Sekoia has been certified PCI-DSS level 1.
We started two years ago when we were discussing an extension of our coverage with a customer.
This customer was processing card data and consequently had to partner with PCI-compliant security solutions to monitor its perimeter.
We were already providing our SaaS SOC platform at the time, but it was not a certified solution, and that was a problem for their compliance.
We then decided to open a new cloud region with a high level of security and compliance for highly demanding customers such as our first sponsor.
Sekoia was born out of a passion for security, so it was fitting for us to incorporate our security principles and expertise in our posture to offer excellence to our customers.
While cybersecurity is a crucial feature of a SaaS product, its security level is primarily derived from the overall practices of the entire company.
The involvement of management in the security program, mature HR and IT processes, a strong commitment from the staff to security, etc.: all these activities directly impact the security of your product.
For those interested, we have created our Security Whitepaper, which explains all our security enforcement at the company level.
This Security Whitepaper is also available on trust.
When we started our compliance journey, we had in mind that we would need a solution to consolidate our evidence in a structured library.
We did not want to do it only for PCI DSS but also for other frameworks that would be required in the future along our expected compliance milestones.
We chose Drata because the platform could simultaneously help us consolidate our evidence while also automating and accelerating the compliance process across the organization.
Using Drata's automation, we are able to ensure that a specific control remains in compliance, in addition to having it assigned to several frameworks, which optimizes our time by eliminating the need for repeated tasks.
On Sekoia.io's Trust Center, powered by Drata, we showcase some continuous monitoring controls that are in place for Sekoia.io.
Customers can also easily request access to specific documents, such as an AOC.
We started with PCI DSS, but we will continue in 2024 with other certifications that can show how our solution is able to meet the needs of our highly demanding customers, either because they are regulated themselves or because they want trusted partners.
Today we consider ourselves to be a strategic provider for our customers.
We cherish the trust they place in us and that's why we set the bar at the highest level in terms of security to protect their data and make them safer thanks to our SOC platform.
This Cyber News was published on blog.sekoia.io. Publication date: Fri, 12 Jan 2024 11:13:05 +0000