Compliance

Our organization complies with the following:

ISO 27001

FTI Technology has successfully achieved ISO 27001:2013 certified status by implementing a rigorous Information Security Management System (ISMS) for its hosted technology platforms. Our ISMS formally documents its management system that brings information security under explicit management controls and is formally audited and certified compliant with the ISO 27001:2013 standards. FTI Technology utilizes a third-party independent of FTI Consulting to conduct regular internal and third-party ISO 27001 ISMS audits. FTI Technology’s ISO 27001 certification can be verified here.

ISO 27017

Achieving ISO 27017 certification demonstrates to clients and stakeholders FTI Technology’s ongoing commitment to the security of data and cloud-based services, enhancing trust and helping meet regulatory requirements such as GDPR. For FTI Technology, ensuring the safety of consumer information is a mission-critical priority. FTI Technology’s ISO 27017 certification can be verified here.

ISO 27018

ISO 27018:2019 is a code of practice that focuses on protection of personal data in the cloud. It is based on ISO/IEC information security standard 27002 and provides implementation guidance on ISO/IEC 27002 controls applicable to public cloud Personally Identifiable Information (PII). It also provides a set of additional controls and associated guidance intended to address public cloud PII protection requirements not addressed by the existing ISO/IEC 27002 control set. FTI Technology’s ISO 27018 certification can be verified here.

PCI DSS

FTI Technology undergoes a third-party PCI DSS Report on Compliance (ROC) to assess our compliance under the PCI DSS standard. The assessment includes issuance of a formalized ROC to FTI Technology upon evidencing that proper PCI DSS controls are implemented. FTI Technology can share our third-party PCI DSS Attestation of Compliance (AOC) upon written request.

CSA STAR Registry Level One

The CSA designed the Security, Trust, Assurance and Risk (STAR) program as an assurance framework for cloud service providers (CSPs). Combining the principles of transparency, rigorous auditing and harmonization of standards, it provides organizations with cloud-specific structure and detail for their information security programs. Having completed the CSA Consensus Assessments Initiative Questionnaire (CAIQ), FTI Technology has successfully achieved and currently maintains the STAR Level 1 status.

SOC2^® Type2 with HIPAA

These reports help our customers and their auditors understand the controls established to support operations and compliance. FTI Technology can share our SOC2^® examination report upon written request.

Cyber Essentials Plus

FTI Technology has successfully obtained the Cyber Essentials and Cyber Essentials Plus certification. The Cyber Essentials and Cyber Essentials Plus helps organizations guard against the most common cyber threats and demonstrates their commitment to cyber security. FTI Technology’s Cyber Essentials and Cyber Essentials Plus certification can be verified here.