SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image

New certification standards announced, designed to secure and protect consumer data

Tue, 13th Jul 2021
FYI, this story is more than a year old

Automated security and verified compliance platform Vanta has announced the public availability of two new certification standards designed to help secure the internet and protect consumer data.

A rise in data leaks and privacy concerns have highlighted how companies handle their customers' data, driving the need for SOC 2, HIPAA, and ISO 27001 compliance as a prerequisite for doing business.

The SaaS market is forecast to rise to more than $122 billion this year, and the risks and costs associated with security breaches have similarly expanded. During the first half of 2020, more than 36 billion records were exposed with each data breach, costing U.S. companies alone an average of $8.64 million.

“Following the Equifax breach of 2017, we started on a mission to improve security and safeguard personal data,” says Vanta.

“It was clear from the increasing number of high-profile data breaches that online security was only becoming more important. At the same time, Vanta understood how hard it could be for fast-growing companies to invest the time and human resources it takes to build a solid security foundation.

Vanta started by automating SOC 2, the most commonly accepted framework for demonstrating security in the United States. In May, Vanta announced an invite-only beta for the company's two other most requested security standards, ISO 27001 and HIPAA.

After several months of product refinement, Vanta says it's excited to announce public availability for HIPAA compliance and ISO 27001 certification. These standards are now available as standalone services or packaged with their SOC 2 offering. With this release, Vanta says customers can enhance their security posture and prove compliance in one automated security platform.

HIPAA Compliance
Companies that create, access, store, or share Protected Health Information (PHI) must comply with HIPAA legal requirements or potentially face steep fines and penalties. The impact of weak security standards is costly, with the healthcare industry losing an estimated $25 billion to preventable ransomware attacks in 2019.

Vanta says its HIPAA product demystifies the path toward becoming and staying HIPAA compliant. It automates over 85% of the evidence requirements needed to prove HIPAA compliance while helping customers manage evidence that is not automated, such as signed Business Associate Agreements.

ISO 27001 Certification
ISO 27001 is the global benchmark for demonstrating an effective Information Security Management System. For businesses selling to customers outside of the U.S., a well-defined ISMS may be required by local law, and potential buyers will likely ask to see an ISO 27001 certificate before purchasing. According to IDG, 66% of CIOs surveyed said that compliance mandates were driving spending.

Vanta says its ISO 27001 product brings clarity to this complexity, providing customisable policy templates to help define the scope of an ISMS, assign roles and responsibilities, identify risks and mitigation measures, and more. Vanta automates over 80% of the ISO 27001 certification requirements.

“Adding support for additional compliance standards HIPAA and ISO 27001 is a natural extension of our mission,” says Vanta co-founder and CEO, Christina Cacioppo.

“Arguably, no consumer data is more important to protect than our Protected Health Information. As more and more of our PHI moves to the cloud, there's a growing need for the companies that process and store that data to prove that they handle it with the utmost integrity, not just on one day but continuously.

“Similarly, as more of our business is conducted globally, there's a huge need for companies to speak one common language of compliance. ISO 27001 gives businesses a globally accepted framework while demonstrating an extremely rigorous security posture. These two are the first of several additional standards we are adding to our security monitoring platform this year,” he says.

Follow us on: