Organizations consistently cite effective third-party risk management as one of their largest challenges, primarily driven by concern over the sensitive information that a third party has access to when working on their behalf. Integral to managing this risk is validating that these third parties are securing that data in a manner consistent with the organization's confidentiality, integrity, availability, and non-repudiation requirements. Over the last few years we have seen a rise in formal, non-vendor-specific certification programs that can be used to address this issue, including ISO27001, BITS, and HITRUST. However, in many instances the “right” combination of tests required to provide assurance for a specific organization crosses both test type (design/compliance/substantive) and standard/framework (e.g., ISO27001, OWASP, HIPAA, PCI, COBIT).
Accordingly, the “Pivot Point Security Validated” logo is not an indication that an environment has been certified by a specific test type to a fixed/discrete set of controls. Rather, it is an indication that an environment has been assessed in a manner and against a customized standard intended to provide a level of assurance tailored to the specific needs of the organization. Thus, any person reviewing the attestation is provided assurance that is tailored to the specific risks or concerns.
You can request a letter of attestation detailing the testing performed and the results obtained for any client displaying the “PPS Validated” logo by filling in the form to the right. If you are interested in getting your own “PPS Validated” logo, please fill out the form to the right.
* Each request will be reviewed with the requested company. Attestation letters will not be sent without approval from the requested company.