Digital transformation was an ongoing strategy for many organizations before Covid-19, but with lockdowns across the globe, businesses of every size were forced to implement complex remote work policies in a matter of weeks. This vast change to security perimeters is an added burden to an already security-focused IT community.
At Liongard, the responsibility is two-fold: to ensure the security of our product and to empower our partners to stay ahead of security risks on behalf of their customers. Founders Joe Alapat and Vincent Tran, who are both CISSPs, and Information Security Architect Art Chavez have been diligent in creating an ever-evolving and proactive strategy to strengthen our security posture.
How We Stay Compliant
Liongard chooses to follow the National Institute of Standards and Technology (NIST) cybersecurity framework set by the U.S. Department of Commerce. Considered the gold standard in our industry, the voluntary NIST framework consists of standards, guidelines and best practices that businesses must be able to quantify and validate in order to become accredited.
Most MSPs are familiar with SOC2 Type I certification, the first of two steps in security and privacy certification developed by the American Institute of CPAs (AICPA). This verifies the security, availability, processing integrity, confidentiality, and privacy of a system at a specific point in time. Liongard completed this in 2019.
More coveted and difficult to obtain is SOC2 Type II certification, which requires more evidence than Type I. Specifically, the auditing organization chooses five types of software or data pieces, and the business must demonstrate its adherence to standards across the board over a period of at least six months.
A company with SOC2 Type II certification, in short, has demonstrated that its systems have been designed and verified to keep sensitive data secure. Liongard earned SOC2 Type II certification in 2020.
This rigorous audit was nothing short of mandatory for our security posture, because it does two things:
It keeps the PII (personally identifiable information) and privacy of our own employees, leadership and investors secure; and
It protects our MSP clients’ data and provides that extra peace of mind to them, as well as their customers.
The Health Insurance Portability and Accountability Act (HIPAA), passed by Congress in 1996, among other things, requires the protection and confidential handling of protected health information. Although not mandated for Liongard because we don’t touch or store patient data directly, we choose to be compliant with all HIPAA regulations in order to help our own MSP clients demonstrate due diligence to their healthcare customers. This chain of risk mitigation is only becoming more common, so we felt a proactive approach would benefit all parties.
More Ways We Maintain the Trust of Our Clients
In addition to adhering to NIST’s cybersecurity framework, becoming SOC2 certified and following HIPAA regulations, we’re taking these extra measures for increased cybersecurity:
The PCI Security Standards Council develops and drives the adoption of data security standards and secure card payments. Whenever Liongard runs a credit card for payment, our clients can be confident that we have security in place to protect their private payment information.
The General Data Protection Regulation (GDPR) became effective May 25, 2018, with the purpose of strengthening the security and regulation of data protection across the European Union, giving people greater rights to access and control their personal information. Liongard is committed to ensuring compliance with these laws and regulations through our GDPR Data Processing Policy.
As technologies evolve, the MSP and IT community must continue to adapt and learn. We recently released our latest eBook, The Definitive Guide to IT Security, which highlights prominent security assessments your MSP should consider, along with lots of great security tips.
For more information on how Liongard protects MSP data and privacy, visit our Trust Center.