Trust, but verify Trust, but verify

Information Security at EPI-USE Labs

EPI-USE Labs offers innovative cloud platforms for client interaction and management of SAP® landscapes. From the beginning of the design stages, we were mindful of the trust our clients place in us with the security of our data. Accordingly, we’ve implemented best practice information security standards that include technology, processes and people to minimize the risk of security incidents.

EPI-USE Labs adopted the Information Security Management System and controls from ISO/IEC 27001 that govern the management, development and operations of our cloud platforms. To verify the proper implementation and effectiveness of our security controls, we’ve undergone multiple, rigorous independent audits by an accredited certification registrar. Subsequently we have been awarded ISO/IEC 27001 certification and ISAE 3402 / SSAE 16 (SOC 1) Type I assurance reports.

About ISO/IEC 27001

ISO/IEC 27001 is an internationally-recognised information security management standard that ensures organisations can apply a framework to business processes to help identify, manage and reduce risks to data security. The accreditation process considers not only IT but all business operations. To meet the criteria, a company must demonstrate that it has a systematic and ongoing approach in place to manage sensitive company and customer information.

About ISAE 3402

ISAE 3402 is a benchmark certification by the International Auditing Assurance Standards Board (IAASB). It is a global assurance measure for reporting on controls at a service organisation and was developed to provide a yardstick for auditors to evaluate and ensure the integrity of an organisation’s internal controls.

About SSAE 16

SSAE 16 is designated by the U.S. Securities and Exchange Commission (SEC) as an acceptable method for a user entity’s management to obtain assurance about service organization internal controls without conducting additional assessments. In addition, the requirements of Section 404 of the Sarbanes-Oxley Act of 2002 make SSAE 16 reports even more important to the process of reporting on effective internal controls by public companies.