Security
ISO 27001:2013 inclusive of ISO 27017:2015
ISO 27001:2013 is a risk-based set of information security requirements under which an organization must maintain a well-structured Information Security Management System (ISMS). Maintenance of the system requires annual audits by external auditors, ongoing risk assessments, and continuous improvement of the system.
ISO 27017:2015 provides guidance on the information security aspects of cloud computing, recommending the implementation of cloud-specific information security controls that supplement the guidance of the ISO/IEC 27002 and ISO/IEC 27001 standards. This code of practice provides additional information security controls implementation guidance specific to cloud service providers.
TraceLink's Information Security Management System (ISMS) has been independently verified to meet the requirements of both of these standards.
TraceLink’s ISO 27001 certificate is available here.
Additional information on ISO 27001 can be found here.
SOC 2 / ISAE 3000 Type II
A SOC 2 Report is based upon the Trust Services Criteria (TSC) and performed under AT-C 105 and 205. It includes a detailed description of the audit scope, the controls implemented to meet the selected TSC, a description of the tests performed, and the results or opinion on the description of the system. Additional controls were included to ensure coverage with the ISAE 3000 framework for our international customers.
TraceLink has selected the Security, Availability, and Confidentiality Trust Services Criteria for this attestation.
To request a confidential copy of TraceLink's SOC 2 / ISAE 3000 Type II report, please email artifact-request[at]tracelink[dot]com.
Additional information on SOC 2 can be found here.
Additional information on ISAE can be found here.
SOC 3
A SOC 3 Report, like SOC 2, is based upon the Trust Services Criteria and performed under AT-C 105 and 205. The difference is that a SOC 3 Report can be freely distributed (general use) and reports only on whether the entity has achieved the Trust Services Criteria or not, with no description of tests and results or opinion on the description of the system.
TraceLink has selected the Security, Availability, and Confidentiality Trust Services Criteria for this attestation.
TraceLink’s SOC 3 report is available here.
Additional information on SOC 3 can be found here.
Veracode Verified
The Veracode Verified program confirms that TraceLink’s secure software development practices meet or exceed the requirements of Veracode’s program tiers.
Verified status can be viewed in the Veracode Verified Directory.
An attestation letter is available here.
Additional information on the Veracode Verified program can be found here.
Quality
ISO 9001:2015
ISO 9001:2015 is a well-known international standard relating to quality management. This certification signifies that an organization can consistently provide, via a risk-based approach, products and services that meet customer and regulatory requirements. TraceLink’s Quality Management System (QMS) has been independently verified to meet the requirements of this standard.
TraceLink’s ISO 9001 certificate is available here.
Additional information on ISO 9001 can be found here.