The PaaS provider wants to go above and beyond to protect its customers
Companies across a variety of industries are beginning to understand the benefits of security compliance, both internally and within partnered organizations. Reflecting the increase in IT security breaches, the number of regulatory standards for information security management has grown. Abacus Solutions recognizes this industry trend as the “new normal,” one that will become increasingly complex as more compliance requirements are imposed on businesses operating in the PaaS provider space.
When customers transition to the Abacus Cloud, they’re moving critical business applications from on-premise IBM i infrastructure to an AS/400 cloud environment. Chief Operations Officer Thomas Harris reflected on how ensuring the security of customer data became more than a checkbox to tick; it became a company culture shift. “Data security is critical to the ongoing operations of our customers. In order to meet the needs of our growing client base, Abacus needed to adopt a more security-centric culture,” Harris explains.
Currently, Abacus maintains both the SOC 2 (Type 1 and Type 2) compliance certification, determined by the American Institute of CPAs (AICPA), as well as the ISO 27001 certificate, established by the International Organization for Standardization, for secure management of financial information, intellectual property, and employee details. Abacus also maintains GDPR compliance for its international clients.
Achieving this security posture does not come without challenges. Keeping the SOC 2 Type 2 and ISO 27001 certifications involves providing extensive proof of compliance and conducting audit walkthroughs with third-party auditing agents. Surveillance audits, as required for the ISO 27001 certificate, are performed annually until the certification cycle is renewed every three years. Additionally, employees who had grown accustomed to their own department’s approach to security, and had documented it that way, needed to align their processes to the newly adopted frameworks. Formalizing the company’s security practice in order to establish consistency across the board, not just for certain activities at certain times of the year, was crucial to the success of the shift.
“We were doing a lot of these controls and safeguarding already; however, we were doing them in a decentralized, or departmentally-siloed, manner without a core framework to use. Using frameworks like the ones created by the ISO allows us to take ownership of a central process and get behind one methodology of security and compliance.” – Thomas Harris, Chief Operating Officer
As for its future compliance goals, Abacus is working on a domestic (US) privacy program to pair with its GDPR compliance, as well as becoming HIPAA compliant. Of the additional compliance certifications, Harris says, “It’s all part of our evolving stance towards privacy and security.” Abacus also intends to become ISO 27701 compliant. This data privacy-centric certification isn’t a requirement for the business space it operates in, but it shows prospective clients how seriously Abacus takes privacy concerns.
Companies that are looking for an enterprise-level Platform as a Service provider should seek out those that, at a minimum, hold SOC 2 Type 1 and ISO 27001 certifications. Abacus believes it can be the ideal PaaS provider for businesses of all types and sizes by working to achieve security compliance beyond its industry requirements. And as more businesses pivot to remote work, providing secure ERP systems and highly secured environments in our hosted infrastructure can give them peace of mind. If you’re looking for a PaaS provider that will reliably secure your data, contact Abacus Solutions today.