Security breaches and malicious attacks are a big problem for business.
So big, in fact, that in 2020 the average cost of a breach to U.S. businesses was $8.64 million – the highest in the world, according to the ForgeRock Consumer Identity Breach Report 2021. The same report states that more than 11 billion consumer records have been exposed in the last three years.
Breaches, hacks, and attacks accelerated during the pandemic because more people than ever, consumers and employees alike, were online and relying on their digital identities to maintain their daily personal and business lives.
Security has never been more essential or under greater threat than it is today with dangers coming from criminals, nation states, and those wanting to defraud the test-taking and credentialing experience for personal or financial gain.
Kryterion invests heavily in certification security
At Kryterion, it’s essential to provide a secure environment for the data, privacy, and protection of our clients and their test-candidates.
At the bottom of each page of our website, you’ll notice the PCI and SOC 2 Type II icons attesting to our investment in protecting the security of our clients’ credentialing programs.
Here’s what the icons mean to your credentialing business:
We protect your candidates’ online transactions
Kryterion safeguards your candidates’ personal protected information (PPI) in accordance with the highest standards of the credit-card industry.
The Payment Card Industry (PCI) Data Security Standard (DSS) is a set of security requirements for all companies that accept, process, store, or transmit credit-card information, regardless of their size or number of transactions. Compliance requires maintaining a secure environment that protects financial data and user identities.
The PCI DSS is administered and managed by the PCI Security Standards Council, an independent body created by the major payment-card brands, including Visa, MasterCard, American Express, and Discover.
Why SOC matters to the testing industry
SOC stands for “system and organization controls” and refers to reports on internal controls for processing information and protecting client data. SOC standards are established by the American Institute of Certified Public Accountants (AICPA) and form the backbone of auditing best practices.
There are three SOC standards: SOC 1, SOC 2, and SOC 3. Each one defines the report required on the internal controls of a particular type of business. SOC 2 is the appropriate standard for service organizations like Kryterion.
Against the background of rising security breaches and cyber-attacks around the world, SOC 2 provides confidence and peace of mind for organizations that engage third-party vendors and rely on them to follow data-protection best practices.
A SOC 2 Type II certified company like Kryterion has passed an independent audit confirming that data safeguards and protection protocols are in place and operating over time.
Test sponsors use the SOC 2 certification as an essential metric when selecting the third-party vendors that deliver exams, manage testing programs, and protect sponsor and candidate data.
We order audits every year
Audits are tough. Still, we request them because they strengthen our security and boost the protection we provide to our sponsors and test candidates.
We believe that regular audits ultimately produce stronger preventive measures for the certifications we manage.
Prevention is how smart certifications win the security battle.
Secure management of client data with SOC 2 Type II certification
Businesses consider SOC 2 Type II to be the most comprehensive and trustworthy certification for evaluating third-party service providers.
A SOC 2 Type II audit assesses compliance with the following five trust principles established by the AICPA:
- Data processing
The SOC 2 Type II standard is most appropriate for IT and SaaS companies whose cloud-based operations depend on securely protecting clients’ sensitive data. It is practically the de facto certification standard used by regulators, examiners, and auditors who examine cloud-based companies.
For test sponsors that value data security and peace of mind—and who doesn’t—discovering the extra protection that SOC 2 Type II provides is welcome news.
To keep up with any changes to the SOC 2 Type II standard and to continue strengthening the five trust principles above, Kryterion requests an audit every year.
We earned our SOC 2 Type II certification for the year 2021 and are currently working toward our 2022 certification.
You can find more details about SOC 2 on the AICPA web site.
Peace of mind for certification managers and test candidates
In 2021, Gartner, the global research and advisory firm, estimated that worldwide spending for software-security products and services would exceed $150 billion. In some ways, that figure is a proxy for the size of the perceived threat from breaches, hacks, and malicious attacks. Again, security is serious business.
The last thing certification sponsors ever want to deal with is the mess of a security breach.
Through regular, rigorous industry audits, Kryterion offers its clients and their candidates a comprehensive level of data protection and privacy safeguards. The benefit is trust in our robust security protocols and peace of mind resulting from our investment in the protection of their certification programs.
If you’d like to learn more about how Kryterion protects the privacy, confidentiality, and security of credentialing programs, please contact us via our short web form.