Trust

Compliance

Our organization complies with the following:

ISO 27001

FTI Technology has achieved ISO 27001:2013 certified status by implementing a rigorous Information Security Management System (ISMS) for its hosted technology platforms. The ISMS is formally documented, brings information security under explicit management controls, and is formally audited and certified compliant with the ISO 27001:2013 standard. FTI Technology utilizes a third party independent of FTI Consulting to conduct regular internal and third-party ISO 27001 ISMS audits. FTI Technology’s ISO 27001 certification can be verified here.

ISO 27017

Achieving ISO 27017 certification demonstrates to clients and stakeholders FTI Technology’s ongoing commitment to the security of data and cloud-based services, enhancing trust and helping meet regulatory requirements such as GDPR. For FTI Technology, ensuring the safety of consumer information is a mission-critical priority. FTI Technology’s ISO 27017 certification can be verified here.

ISO 27018

ISO 27018:2019 is a code of practice that focuses on protection of personal data in the cloud. It is based on ISO/IEC information security standard 27002 and provides implementation guidance on ISO/IEC 27002 controls applicable to public cloud Personally Identifiable Information (PII). It also provides a set of additional controls and associated guidance intended to address public cloud PII protection requirements not addressed by the existing ISO/IEC 27002 control set. FTI Technology’s ISO 27018 certification can be verified here.

EU-U.S. Data Privacy Framework

The EU-U.S. Data Privacy Framework (EU-U.S. DPF) was developed by the U.S. Department of Commerce and the European Commission; the UK Extension to the EU-U.S. Data Privacy Framework (UK Extension to the EU-U.S. DPF) and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) were developed with the UK Government and the Swiss Federal Administration, respectively. These frameworks provide U.S. organizations with reliable mechanisms for personal data transfers to the United States from the European Union / European Economic Area, the United Kingdom (and Gibraltar), and Switzerland while ensuring data protection that is consistent with EU, UK, and Swiss law. FTI Technology has certified its compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, as a covered entity (FTI Consulting Technology LLC) under FTI Consulting, Inc. FTI Technology's Data Privacy Framework certification can be viewed here.

PCI DSS

FTI Technology undergoes a third-party PCI DSS Report on Compliance (ROC) to assess our compliance under the PCI DSS standard. The assessment includes issuance of a formalized ROC to FTI Technology upon evidencing that proper PCI DSS controls are implemented. FTI Technology can share our third-party PCI DSS Attestation of Compliance (AOC) upon written request.

CSA STAR Registry Level One

The CSA designed the Security, Trust, Assurance and Risk (STAR) program as an assurance framework for cloud service providers (CSPs). Combining the principles of transparency, rigorous auditing and harmonization of standards, it provides organizations with cloud-specific structure and detail for their information security programs. Having completed the CSA Consensus Assessments Initiative Questionnaire (CAIQ), FTI Technology has successfully achieved and currently maintains the STAR Level 1 status.

SOC2® Type2 with HIPAA

These reports help our customers and their auditors understand the controls established to support operations and compliance. FTI Technology can share our SOC2® examination report upon written request.

Cyber Essentials Plus

FTI Technology has successfully obtained the Cyber Essentials and Cyber Essentials Plus certifications. Cyber Essentials and Cyber Essentials Plus help organizations guard against the most common cyber threats and demonstrate their commitment to cyber security. FTI Technology’s Cyber Essentials and Cyber Essentials Plus certification can be verified here.

TISAX

FTI Consulting Technology LLC (FTI Technology) has successfully completed a Trusted Information Security Assessment Exchange (TISAX) assessment. The TISAX assessment confirms that a company’s information security management system complies with a defined set of security levels. TISAX is administered by the ENX Association on behalf of the German Association of the Automotive Industry (Verband der Automobilindustrie, VDA). TISAX provides a single industry-specific security framework for assessing information security for the wide landscape of suppliers, OEMs, and partners who may contribute to the automobile supply chain. VDA developed an information security assessment (ISA) catalog of criteria for assessing information security. The VDA ISA is based on the ISO/IEC 27001 and ISO/IEC 27002 standards adapted to the automotive industry, and audits are conducted by accredited audit providers that demonstrate their qualification at regular intervals. TISAX results are not intended for the general public and are exclusively retrievable over the ENX portal. TISAX is a registered trademark and governed by ENX Association. The scope ID and assessment IDs are SVHP4W and AV90AJ-1, respectively.