TraceLink Successfully Completes Industry-Leading Audits: ISO/IEC 27001:2022, ISO/IEC 27017:2015, SOC 2/ISAE 3000 Type II, and CyberVadis

BOSTON, Massachusetts — December 9, 2024 — TraceLink, the largest end-to-end digital network platform for intelligent orchestration of the supply chain, has reinforced its leadership in cybersecurity preparedness by completing independent audits for compliance with the International Organization for Standardization’s (ISO) / International Electrotechnical Commission (IEC) 27001:2022 and 27017:2015, as well as Service Organization Controls (SOC) 2 / International Standard on Assurance Engagements (ISAE) 3000 Type II for Security, Availability, and Confidentiality. Validated by independent compliance assessor A-LIGN, these achievements demonstrate TraceLink’s world-class security practices and unwavering commitment to protecting customer data, confirming that its information security management system, certified since 2018, complies with the latest version of ISO/IEC 27001 and maintains compliance with cloud-centric controls. Adding to this achievement, TraceLink earned a top-tier "mature" rating of 946/1000 in the CyberVadis Risk Management Assessment, underscoring the company’s proactive and advanced approach to cybersecurity.

These industry-leading compliance benchmarks assure customers that their supply chain data is safeguarded by the highest international standards. By maintaining robust security measures across its OPUS (Orchestration Platform for Universal Solutions) and cloud environments, TraceLink enables customers and their supply chain trading partners to focus on driving business growth with the confidence that their information is secure, compliant, and protected from evolving cyber threats.

"These certifications reaffirm our commitment to protecting customer data with the highest standards of privacy, governance, and risk management," said Shabbir Dahod, President and CEO of TraceLink. “Independent validation that our rigorous security program covers even our newest OPUS platform and offerings provides customers with the transparency needed for confidence and trust.” 

ISO/IEC 27001:2022 Certification Inclusive of ISO/IEC 27017:2015
ISO/IEC 27001 is the world’s best-known standard for information security management systems (ISMS). Certification demonstrates compliance with the requirements, principles, and best practices associated with the standard across a broad set of control domains further defined in ISO/IEC 27002:2022. ISO/IEC 27017:2015 provides additional guidance for companies with respect to cloud computing, expanding on the guidance provided in ISO/IEC 27002 and defining additional controls that specifically relate to cloud services. These certifications assure customers that their information is securely managed and controlled across all TraceLink services.

SOC 2 / ISAE 3000 Type II Attestation
Established by the American Institute of Certified Public Accountants (AICPA), the SOC 2 examination ensures organizations protect customer assets by reviewing their infrastructure, software, policies, and operations. Recognized globally, SOC 2 affirms adherence to rigorous security standards. Additional controls were included to ensure coverage with the ISAE 3000 framework for our international customers. This attestation demonstrates TraceLink’s ongoing commitment to security, availability, and confidentiality, ensuring customers’ data is protected within a secure, reliable, and compliant platform.

CyberVadis Certificate of Security Assessment
CyberVadis is a trusted platform for third-party cybersecurity risk assessments, helping global companies mitigate supply chain cyber risks. Its scalable solution evaluates vendor cybersecurity maturity using a methodology based on international standards and frameworks. This certification underscores TraceLink’s proactive approach to cybersecurity, assuring customers of resilient and secure supply chain operations.

“The successful completion of these industry-leading audits demonstrates TraceLink’s ongoing commitment to ensuring the security of our customers' data and their critical business processes," said Dan Nelson, CISO of TraceLink. “These audits serve as an essential external benchmark, validating the maturity of our security program and adherence to widely recognized frameworks.”

Earning such certifications and attestations positions TraceLink as a trusted partner in the supply chain industry, ensuring that organizations can rely on TraceLink for secure and compliant solutions to manage and orchestrate their supply chain networks effectively.

Learn more about TraceLink’s security certifications and attestations.