Ensono has a strong emphasis on information security and compliance with regulatory and industry standards. These are essential to our ability to continuously earn and sustain clients’ trust. Our assurance programs underpin our infrastructure and managed services, and provide third party-validated attestations on controls we have implemented to safeguard critical assets, provide high quality services and process assurance, and to help clients meet their compliance obligations across various regulatory and industry standards.
SOC 1 and 2 Reporting
Our US operations undergo annual SOC 1 & SOC 2 Type II evaluations conducted by an independent third party. The reviews and attestations provide assurance on the design and operating effectiveness of controls impacting clients financial reporting, as well as information security Trust Services Principles. These third party deliverables, help our clients meet their legal compliance obligations.
In line with its commitments, Ensono has achieved and maintains ISO certifications in information security management, quality and IT service management, and business continuity management in the United Kingdom. Ensono has achieved ISO 27001:13 certification for our operations in the United States, UK, Poland, Germany and India.
Data Protection and Privacy
Considering the scale of our operations and our clients’ global reach and vertical segmentation, Ensono has a proactive approach to complying with regulatory standards on data privacy and security. To enable the processing and free flow of data through a valid transfer mechanism between our European and US operations, Ensono is certified under the EU-US Privacy Shield Framework to process both HR and Non-HR Data. Please see our listing on the Privacy Shield website here: https://www.privacyshield.gov/list.
To ensure compliance with the EU General Data Protection Regulation (GDPR), Ensono is in the process of implementing required controls and processes to enable and sustain continuous compliance, as stipulated under the regulation. Our GDPR compliance effort focuses on applying technical and organizational controls to safeguard EU personal data, including processes and technologies our company uses in processing such data. These controls span enterprise systems, third-party service providers, as well as our products and services – in particular, how we design them and engineer security and privacy-enabling controls into our products.
Compliance with Industry and Regulatory Standards
Our solutions are designed to enable clients meet their various regulatory compliance obligations across industry verticals. To standardize and enhance this portfolio of solutions, we are undertaking a multifaceted initiative to align our control baseline with leading industry frameworks and regulatory requirements, including but not limited to NIST 800-53, PCI DSS 3.2, HIPAA and FedRAMP.
These initiatives are anchored to an automated and converged controls framework that enables efficient and effective governance, risk management and audit support.