Security compliance and certifications

Sophos continuously monitors evolving regulatory standards across the globe. We incorporate the latest relevant controls into our organisation, products, and technology to help our customers meet their compliance obligations.

22 Compliance frameworks

SOC 2

Validates how we manage customer data across security, availability, confidentiality, and privacy.

ISO 27001:2022

Demonstrates integration of security, privacy, and ongoing improvement into our daily operations.

ISO 27017:2015

Establishes information security controls that are specific to public cloud environments.

ISO 27018:2019

Establishes information security controls for protecting personally identifiable information (PII) data in public cloud environments.

TX-RAMP

Products certified under the Texas Risk and Authorization Management Program (TX-RAMP) demonstrate compliance with rigorous security standards required for Texas state agencies and public institutions.

PCI DSS

Protects credit card data by ensuring secure storage, transmission, and handling of payment information.

C5 Germany

Established by the German Federal Office for Information Security (BSI) to define a comprehensive set of security and compliance requirements for cloud service providers.

HIPAA

Protects the privacy and security of medical records and health information in the U.S. healthcare industry.

GDPR

Ensures data protection and privacy for individuals in the EU and EEA, including data transfers beyond these regions.

CPRA

Expands California consumer privacy rights and protections, with new enforcement through the CPPA.

NIST SP800-171

Outlines safeguards for controlled unclassified information in non-federal systems.

HITRUST CSF

Combines multiple standards to manage risk and ensure compliance across the healthcare industry.

NIS2

Sets stricter cybersecurity rules across the EU for infrastructure and digital service providers.

Digital Operational Resilience Act (DORA 2022/2554)

The EU’s Digital Operational Resilience Act (DORA 2022/2554) regulates financial entities through contractual requirements with technology providers, including cybersecurity.

SOX

US federal law enacted to improve corporate governance and provide more transparency for investors.

CIPA

Establishes technological requirements to protect children from harmful content online.

NIS Directive

The first piece of EU-wide legislation on cybersecurity, it provides legal measures to boost the overall level of cybersecurity in the EU.

POPI

South African data protection law that safeguards personal information and establishes individuals' rights to control their personal data.

NIST CSF

Framework based on five core functions to manage cybersecurity risks: identify, protect, detect, respond, and recover.

NYDFS

The New York State Department of Financial Services (NYDFS) regulates financial institutions and services operating in New York State.

Ohio DPA

State-level legislation that protects Ohioans’ sensitive personal information and establishes cybersecurity standards for organizations to follow.

ASD

Data sovereignty and security solutions for organizations in Australia that have strict national or local regulatory or policy requirements.

CIS Controls

Set of best practices and cybersecurity requirements developed by the Center for Internet Security (CIS).

*Reports available to interested parties once an NDA has been signed. Please contact your account manager or Sophos sales to request a copy.