Page 24 - Executive Onboarding Deck - For Flipbook
Legal, Compliance and Corporate Governance Management
Certifications and Attestations
• ISO 27001:2013 (Information Security)
• ISO 9001:2015 (Quality Management)
• PCI-DSS (Payment Card Industry Data Security Standard)
• HIPAA Certificate of Conformance (Health Insurance Portability and Accountability Act)
• SOC 1 Type II (selected accounts, where required by the client's MSA)
• SOC 2 Type II (entity-level)

Third-party / Independent Audits
• Client-initiated security assessments of IT General Controls
• Social compliance audits (covering HR, Facilities and Legal) conducted by a third-party certifying institution to meet the Code of Business Conduct requirements of clients such as Elsevier, SpringerNature, Wiley, OUP and Taylor & Francis
• Government inspections related to workplace safety and employee welfare

Internal Compliance and Risk Audits
• Integrated Management Systems audit covering the proprietary/business standards (ISO, PCI-DSS, HIPAA, CCPA, etc.) and internal policies and controls
• Risk assessment (enterprise-level and operational-level)
• MSA and SOW audit

Information Awareness
• Mandatory annual Information Security and Data Privacy training delivered through SPiRAL (computer-based training)
• New hire orientation
• Other information security awareness campaigns, such as malware, phishing, and data privacy and protection
© 2020-2021 Straive™