FTI Technology’s security and privacy programs have been developed and operate in compliance with leading industry standards. A high standard for compliance is integral to our approach so that we know we’re consistently aligned with best practices and can provide our clients with the assurance they need to trust our processes. Our compliance program includes the principle of continuous improvement to exceed and maintain extensive standards, regulations and certifications.
Our organization complies with the following:
FTI Technology has successfully achieved ISO 27001:2013 certified status by implementing a rigorous Information Security Management System (ISMS) for its hosted technology platforms. Our ISMS formally documents its management system that brings information security under explicit management controls and is formally audited and certified compliant with the ISO 27001:2013 standards. FTI Technology utilizes a third-party independent of FTI Consulting to conduct regular internal and third-party ISO 27001 ISMS audits. FTI Technology’s ISO 27001 certification can be verified here.
Achieving ISO 27017 certification demonstrates to clients and stakeholders FTI Technology’s ongoing commitment to the security of data and cloud-based services, enhancing trust and helping meet regulatory requirements such as GDPR. For FTI Technology, ensuring the safety of consumer information is a mission-critical priority. FTI Technology’s ISO 27017 certification can be verified here.
ISO 27018:2019 is a code of practice that focuses on protection of personal data in the cloud. It is based on ISO/IEC information security standard 27002 and provides implementation guidance on ISO/IEC 27002 controls applicable to public cloud Personally Identifiable Information (PII). It also provides a set of additional controls and associated guidance intended to address public cloud PII protection requirements not addressed by the existing ISO/IEC 27002 control set. FTI Technology’s ISO 27018 certification can be verified here.
FTI Technology undergoes a third-party PCI DSS Report on Compliance (ROC) to assess our compliance under the PCI DSS standard. The assessment includes issuance of a formalized ROC to FTI Technology upon evidencing that proper PCI DSS controls are implemented. FTI Technology can share our third-party PCI DSS Attestation of Compliance (AOC) upon written request.
CSA STAR Registry Level One
The CSA designed the Security, Trust, Assurance and Risk (STAR) program as an assurance framework for cloud service providers (CSPs). Combining the principles of transparency, rigorous auditing and harmonization of standards, it provides organizations with cloud-specific structure and detail for their information security programs. Having completed the CSA Consensus Assessments Initiative Questionnaire (CAIQ), FTI Technology has successfully achieved and currently maintains the STAR Level 1 status.
SOC2® Type2 with HIPAA
These reports help our customers and their auditors understand the controls established to support operations and compliance. FTI Technology can share our SOC2® examination report upon written request.
Cyber Essentials Plus
FTI Technology has successfully obtained the Cyber Essentials and Cyber Essentials Plus certification. The Cyber Essentials and Cyber Essentials Plus helps organizations guard against the most common cyber threats and demonstrates their commitment to cyber security. FTI Technology’s Cyber Essentials and Cyber Essentials Plus certification can be verified here.
Learn about service offerings and solutions from FTI: