We lead with compliance and security.
MBE Certified
Ilingo2.com, Inc. has been a certified minority-owned business since 2017.
AICPA SOC 1
The American Institute of Certified Public Accountants (AICPA) Service Organization Controls (SOC) reports give assurance over control environments as they relate to the retrieval, storage, processing, and transfer of data. The reports cover IT General controls and controls around availability, confidentiality and security of customer data.
The SOC 1 reports are primarily concerned with examining controls that are relevant for the financial reporting of customers.
AICPA SOC 2
The American Institute of Certified Public Accountants (AICPA) Service Organization Controls (SOC) reports give assurance over control environments as they relate to the retrieval, storage, processing, and transfer of data. The reports cover IT General controls and controls around availability, confidentiality and security of customer data.
The SOC 2 reports cover controls around security, availability, and confidentiality of customer data.
AICPA SOC 3
The American Institute of Certified Public Accountants (AICPA) Service Organization Controls (SOC) reports give assurance over control environments as they relate to the retrieval, storage, processing, and transfer of data. The reports cover IT General controls and controls around availability, confidentiality and security of customer data.
The SOC 3 report covers the Security, Availability, and Confidentiality Trust Services Principles.
ISO 27001
ISO 27001 is one of the most widely recognized and accepted independent security standards. Our technology partner has earned ISO 27001 certification for the systems, technology, processes, and data centers.
ISO 27017
ISO 27017 is an international standard of practice for information security controls based on ISO/IEC 27002 specifically for cloud services. Our technology partner has complied with the international standard and is certified by Ernst & Young CertifyPoint, an ISO certification body accredited by the Dutch Accreditation Council (a member of the International Accreditation Forum, or IAF).
ISO 27018
Our technology partner's compliance with ISO/IEC 27018:2014 affirms their commitment to international privacy and data protection standards. ISO 27018 guidelines include not using your data for advertising, ensuring that your data remains yours, providing you with tools to delete and export your data, protecting your information from third-party requests, and being transparent about where your data is stored.
The U.S. Department of Defense: Impact Level 2
The U.S. Department of Defense (DoD) has unique information protection requirements that extend beyond the common set of requirements established by the Federal Risk and Authorization Management Program (FedRAMP) program. Using FedRAMP requirements as a foundation, the U.S. DoD specifically has defined additional cloud computing security and compliance requirements in their DoD Cloud Computing Security Requirements Guide (SRG). Cloud Service Providers (CSPs) supporting U.S. DoD customers are required to comply with these requirements.
Our technology partner's Cloud has been granted a Provisional Authorization (PA) for Impact Level 2 (IL2) from the Defense Information Systems Agency (DISA), leveraging their FedRAMP Moderate ATO. IL2 is for non-Controlled Unclassified Information (non-CUI), which includes all data cleared for public release, as well as some DoD private unclassified information not designated as CUI or critical mission data that requires some minimal level of access control.
The U.S. Department of Defense: Impact Level 4
The U.S. Department of Defense (DoD) has unique information protection requirements that extend beyond the common set of requirements established by the Federal Risk and Authorization Management Program (FedRAMP) program. Using FedRAMP requirements as a foundation, the U.S. DoD specifically has defined additional cloud computing security and compliance requirements in their DoD Cloud Computing Security Requirements Guide (SRG). Cloud Service Providers (CSPs) supporting U.S. DoD customers are required to comply with these requirements.
Our technology partner's Government Cloud has been granted Provisional Authorization (PA) for Impact Level 4 (IL4) from the Defense Information Systems Agency (DISA), leveraging Salesforce’s FedRAMP Moderate ATO and undergoing additional assessments by independent organizations. This provides DoD mission owners and authorized contractors the ability to utilize their Government Cloud to manage Controlled Unclassified Information (CUI), including Personal Identifiable Information (PII) and Protected Health Information (PHI). This also includes data requiring protection from unauthorized disclosure and other mission-critical data.
FedRAMP
The Federal Risk and Authorization Management Program (FedRAMP) is a U.S. Federal government program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. The FedRAMP program has helped to accelerate the adoption of secure cloud solutions through the reuse of assessments and authorizations across government agencies. FedRAMP leverages a standardized set of requirements, established in accordance with the Federal Information Security Management Act (FISMA), to improve consistency and confidence in the security of cloud solutions. Cloud Service Providers (CSP) that support U.S. government customers or operate on U.S. government information are responsible for complying with the requirements established by the FedRAMP program.
ISO 27001
The International Organization for Standardization 27001 Standard (ISO 27001) is an information security standard that ensures office sites, development centers, support centers and data centers are securely managed. These certifications run for 3 years (renewal audits) and have annual touch point audits (surveillance audits).
ISO 27017
ISO 27017 provides guidance on the information security aspects of cloud computing, recommending the implementation of cloud-specific information security controls that supplement the guidance of the ISO 27002 and ISO 27001 standards. This code of practice provides additional information security controls implementation guidance specific to cloud service providers. The standard advises both cloud service customers and cloud service providers, with the primary guidance laid out side-by-side in each section.
ISO 27018
The International Organization for Standardization 27018 Standard (ISO 27018) covers privacy protections for the processing of personal information by cloud service providers.
National Institute of Standards and Technology
In October 2016, the U.S. Department of Defense (DoD) updated acquisition requirements for government contractors to provide more specific guidance in light of their continued use of cloud computing services as it relates to the transmission, storage, and processing of controlled defense information. When cloud services are used by a contractor as part of a system operated on behalf of the U.S. government, those cloud services are expected to comply with the requirements defined in the DoD Cloud Computing Security Requirements Guide (SRG). When cloud services are used by a contractor as part of a system not operated on behalf of the U.S. government, those cloud services are expected to comply with the Moderate Impact requirements defined by the Federal Risk and Authorization Management Program (FedRAMP).
Since May 2014, our technology partner has maintained a FedRAMP Authority to Operate (ATO) at the Moderate Impact level for our technology partner's Government Cloud. Further, as of January 2017, our technology partner was granted a Provisional Authorization for their Government Cloud at Information Impact Level 4 (IL4) by the Defense Information Systems Agency (DISA). These authorizations may assist DoD mission owners and authorized contractors in their management of Controlled Unclassified Information (CUI), including Personal Identifiable Information (PII), Protected Health Information (PHI), and other mission-critical data requiring protection from unauthorized disclosure.
HIPAA
The Health Insurance Portability and Accountability Act (HIPAA) is government legislation that defines the privacy and security provisions for safeguarding medical information (protected healthcare information: PHI). The HIPAA regulation framework includes the following categories of regulations: Security Rule, Privacy Rule, Breach Notification, and Enforcement Rule.
EU US Privacy Shield
For certain Services, for which our technology partner acts as a data processor, they are certified under the EU-U.S. Privacy Shield framework.
The EU-U.S. Privacy Shield Framework was designed by the U.S. Department of Commerce and European Commission to provide companies on both sides of the Atlantic with a mechanism to comply with EU data protection requirements when transferring personal data from the European Union to the United States in support of transatlantic commerce.
UK Cyber Essentials
The UK Cyber Essentials Scheme was developed as part of the UK’s National Cyber Security Programme. It is mandatory for UK central government contracts that involve handling personal data and providing certain ICT products and services, yet still mandated in the MoD. The UK Cyber Essentials Scheme is backed by UK industry, including the Federation of Small Businesses, the CBI and a number of insurance organizations offering incentives for businesses.
PCI DSS
The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard designed to ensure that companies processing, storing or transmitting payment card information maintain a secure environment. The PCI DSS applies to credit cards from the major card brands, including Visa, MasterCard, American Express, Discover, and JCB. A third-party PCI Qualified Security Assessor (QSA) assesses company systems and processes on an annual basis and issues an Attestation of Compliance (AOC).
Benefits of our Key Features
Continuous Security Monitoring
- Ilingo2.com employs numerous intrusion detection systems (IDS) to identify malicious traffic attempting to access its networks.
- Any unauthorized attempts to access the data center are blocked, and unauthorized connection attempts are logged and investigated.
- Enterprise-grade anti-virus software guards the software and applications against trojans, worms, viruses, and other malware.
Complete Separation of Duties
- Job responsibilities are separated, and mandatory employee background checks are employed at all levels of ilingo2.com operations.
- The principle of least authority (POLA) is followed and employees are given only those privileges necessary to do their duties.
Managed Physical Access
- Stringent physical security policies and controls allow unescorted access to pre-authorized ilingo2.com Operations personnel.
- Proximity card reader devices are located at major points of entry and critical areas.
- All perimeter doors are alarmed and monitored and all exterior perimeter walls, doors.
Secured Premises
- CCTV video surveillance cameras with pan-tilt-zoom capabilities are located at points of entry to the collocation and other secured areas within the perimeter.
- Video is monitored and stored for review for non-repudiation.
Continuous Performance Audits
- Ilingo2.com Operations manages ongoing SOC 2 Compliance.
- Risk management is modeled after the National Institute of Standards and Technology’s (NIST). Periodic audits help ensure that personnel performance, procedural compliance, equipment serviceability, updated authorization records and key inventory rounds are above par.