In today's digital landscape, organisations face the challenge of meeting expanding privacy regulations and increasing end-user expectations for data handling transparency. It is more important than ever for businesses to consider a provider’s security framework and commitment to privacy. We take pride in being certified and adhering to the world's highest industry standards and regulations, allowing our clients to create safer verification experiences by protecting customers and their sensitive data.
We are proud to uphold rigorous compliance standards via our products, infrastructure, and procedures by achieving these esteemed accreditations again this year.
Data Zoo has implemented strong security controls and practices to protect the confidentiality, integrity, availability and privacy of our client’s data. This fantastic achievement provides assurance to our clients that we have undergone rigorous security assessments and met the industry standards for security, risk management, and compliance.
We understand the difference between being compliant (self-audited) and certified (audited by independent third-party auditors). We proactively undertook rigorous audits and assessments with third-party, independent auditor AssuranceLab to achieve our CSA Star Attestation, SOC 2 Type 2 Attestation and ASAE 3150 report. We pride ourselves on putting our privacy, security and compliance to the test year after year. Our team works diligently across multiple departments, including HR, IT, DevOps, Development and Product, to ensure a robust security and compliance framework.
What is SOC2?
SOC 2 Type 2 assesses whether a service provider’s processes meet specific criteria for managing customer data based on five trust service principles – security, availability, processing integrity, confidentiality, and privacy.
It is considered one of the most in-depth and rigorous compliance frameworks. Conducted by external auditors, it provides an independent, third-party report. The report gives customers, regulators, business partners, and suppliers confidence that the solution provider they are engaging with has effective security measures for managing data.
What is CSA Star?
The Cloud Security Alliance (CSA) operates the Security, Trust, Assurance, and Risk Registry (STAR) – a publicly accessible registry that documents the security and privacy controls of popular cloud computing offerings. There are two levels of STAR assurance, each with a different set of requirements. The most in-depth is level 2, which requires a third-party audit by a qualified CSA practitioner. To undertake the level 2 assessment, an organisation must already hold or adhere to either ISO27001, SOC 2, GB/T 22080-2008, or GDPR.
What is ASAE 3150?
An ASAE 3150 report is a type of audit report that evaluates the effectiveness of a company's security controls. It is typically performed by an independent auditor who examines the company's security controls to determine if they can protect its assets and data from unauthorised access or theft. An ASAE 3150 report is a privacy safeguard requirement for the Australian Consumer Data Right (CDR) ecosystem. IDUX, a part of Data Zoo Group, is an active current provider in Australia’s CDR ecosystem.
Ready to see the difference? Discover how to keep your customers' privacy safe, reduce risk, and create a positive customer onboarding experience with Data Zoo.