Posts

SOC2 Certification 

Prophecy International is committed to protecting customer data and maintaining robust information security practices. 

On 27 September 2024, emite successfully completed a SOC2 Type 2 audit. This certification covers the period from January 1 2024 to June 30 2024, and was conducted by Grant Thornton Audit Pty Limited, an independent auditing firm. 

SOC2 (Service Organization Control 2) is a framework for managing data security, availability, processing integrity, confidentiality, and privacy.  

SOC2 compliance is crucial for businesses that handle sensitive customer data. It provides assurance to our clients that we have implemented stringent controls to protect their information. By achieving SOC2 compliance, we demonstrate our dedication to maintaining the highest standards of security and data management. 

Scope of the SOC2 audit 

The audit was conducted in accordance with attestation standards established by the American Institute of Certified Public Accountants (AICPA) and the International Standard on Assurance Engagements (ISAE) 3000 (Revised), providing a rigorous and credible evaluation process. 

The SOC2 audit covered the description of our technology platforms and assessed the suitability of design and operating effectiveness of our controls. This comprehensive approach reflects our operations and confirms that our controls are both well-designed and functioning effectively to meet SOC2 requirements. 

Key requirements met by emite 

  • Comprehensive system description and controls for our technology platforms. 
  • Adherence to trust services criteria for security, availability, processing integrity, confidentiality, and privacy. 
  • Suitable design and implementation of controls. 
  • Effective operation of controls throughout the audit period. 
  • Transparent communication with auditors. 
  • Robust internal evaluation processes. 
  • Compliance with relevant laws and regulations. 
  • Ongoing monitoring and improvement of security measures. 

Management commitment 

emite’s management takes full responsibility for the system description, control design, and adherence to trust services criteria. We are dedicated to maintaining our compliance and continuously improving our security measures to protect our clients’ data. 

Our commitment to SOC2 compliance is ongoing. As of the date of our certification, there have been no significant changes or events affecting our compliance status. We continue to monitor and maintain our systems and controls for consistent adherence to SOC2 standards. 

ISO 27001 Certification

Prophecy International is continuously investing time and resources to meet customers’ strict requirements for internal controls over financial reporting and data protection across a variety of highly regulated industries. We are pleased to announce that Prophecy International has successfully completed ISO 27001 certification for its applications Snare and emite, covering the development and delivery of the environments within the organisational units of Intersect Alliance International Pty Ltd (Snare) and emite Pty Ltd (emite). 

The certification was completed by SAI Global in Australia, covering ISO/IEC 27001:2022 for the scope of “The Information Security as related to the development and delivery of the Snare and emite solutions as defined in the Statement of Applicability version 1.0 dated June 2024.”  Certification is valid as of 30 September 2024 with certificate number ITGOV40332. 

The issuance of this certificate reaffirms our commitment to internal control and data protection. Customers may use this third-party audit to assess how Prophecy International software and services can meet their compliance and data-processing needs. 

Information is the lifeblood of most contemporary organisations. It provides intelligence, commercial advantage, and plans that drive success. Most organisations store these highly prized information assets electronically. Therefore, protection of these assets from either deliberate or accidental loss, compromise, or destruction is increasingly important.

ISO 27001 is a risk-based compliance framework designed to help organisations effectively manage information security. 

Having an international standard for information security allows a common framework for managing security across business and across borders. Within an ever more connected world, the security of information is increasingly important.

Data and information need to be safe, secure, and accessible. The security of information is important for personal privacy, confidentiality of financial and health information, and the smooth functioning of systems and supply chains that we rely on in today’s interconnected world.

 ISO 27001 provides the framework for organisations and security teams to effectively manage risk, select security controls, and most importantly, a process to achieve, maintain, and prove compliance with the standard. Adoption of ISO 27001 provides real credibility that we understand security and take security seriously. 

ISO 27001 is made up of a number of short clauses, and a much longer Annex listing 93 controls. The most important of the short clauses relate to: 

  • The organisational context and stakeholders 
  • Information security leadership and high-level support
  • Planning of an Information Security Management System (ISMS), including risk assessment; risk treatment 
  • Supporting an ISMS
  • Making an ISMS operational 
  • Reviewing the system’s performance 
  • Adopting an approach for corrective actions. 

Based on the risk profile of the organisation, controls may be selected to manage identified risks. Within the Annex, the 93 listed controls are broken down into Organisational, People, Physical and Technological controls covering: 

  1. Information security policies. 
  2. Organisation of information security. 
  3. Human resource security. 
  4. Asset management. 
  5. Access control. 
  6. Cryptography. 
  7. Physical and environmental security. 
  8. Operations security. 
  9. Communications security. 
  10. System acquisition, development and maintenance. 
  11. Supplier relationships. 
  12. Information security incident management. 
  13. Information security aspects of business continuity management. 
  14. Compliance. 

How Snare and emite can help 

There is an increasing global need to enhance security, no matter the size of an organisation or the industry. One step towards securing your organisation is choosing suppliers who have not only demonstrated a commitment to security but have the certifications to back it up. Our priority is your security – let us know how we can help! 

Contact your regional Snare or emite team.