Our established process and roadmap.
Media.Monks has established a global Information Security Management System aligned with the ISO27001 standard, which is being certified in different offices around the globe. Below are our compliance achievements as well as the roadmap for improving our maturity level down the line.
Our global Information Security Management System has been certified under the ISO27001 standard. This certification means that Media.Monks has implemented and maintains a rigorous security program in accordance with the ISO/IEC 27001:2013 standard, has a systematic approach to managing sensitive information and has implemented controls to protect it against unauthorized access, misuse, disclosure, or destruction. This certification provides assurance to our customers, stakeholders, and partners that we have implemented adequate measures to protect their information.
ISO 27001 covers controls in 14 sections: information security policies; organization of information security; human resource security; asset management; access control; cryptography; physical and environmental security; operations security; communications security; system acquisition, development and maintenance; supplier relationships; information security incident management; and information security aspects of business continuity management.
We are committed to the automotive industry's information security standards through the TISAX (Trusted Information Security Assessment Exchange) certification, which allows us to process sensitive information from your customers as follows.
The TISAX assessment covers a wide range of information security topics, including access control, data protection, incident management, business continuity, and physical security. The TISAX certification provides a standardized and recognized approach to information security assessment in the automotive industry, which helps to improve the overall security posture of companies working in this sector. It also facilitates the exchange of sensitive information between companies by providing a trusted platform for sharing data.
UK Cyber Security Essentials
Media.Monks UK offices are certified under the UK Cyber Essentials scheme, a set of guidelines developed by the UK Government to help businesses and organizations protect themselves from common cyber threats. The guidelines are based on five key principles: secure your Internet connection, secure your devices and software, control access to your data and services, protect yourself from viruses and other malware, and keep your devices and software up to date.
CyberGRX Tier 2
Media.Monks has completed the CyberGRX assessment, which has been independently validated by Deloitte and KPMG. Access to the assessment report can be requested here. You can also use CyberGRX’s Framework Mapper feature, which lets you map our assessment to commonly used industry frameworks and standards and instantly gain visibility into controls coverage.
SOC2 Type I
We acquired the SOC2 Type I report for our Data and Digital Media services in the US in November 2022. This is an attestation report that provides information on the controls that a service organization has implemented to protect the security, availability, processing integrity, confidentiality, and privacy of its customers' data at a specific point in time. The report is based on an independent audit performed by a third-party auditor, BDO, using the American Institute of Certified Public Accountants (AICPA) Trust Services Criteria (TSC).
We are currently working on the SOC2 Type II report, expected in 2023.
We’ve set up safeguards to avoid and minimize any security risks. These protections cover four main areas: organizational security, internal security, infrastructure security, and data protection. Learn more about these controls in detail.