CompliancePoint Partners with Mastermind to Launch End-to-End ISO Certification Process

DULUTH, Ga., Sept. 05, 2024 – CompliancePoint, Inc., a leading provider of risk management services focused on privacy, data security, and compliance, has partnered with Mastermind, a certification body accredited by the International Accreditation Service that specializes in the auditing of ISO standards. The companies will work together to guide organizations through the entire ISO certification process, from initial readiness assessments and policy development to the resulting certification audit.

CompliancePoint is an advisory partner that works closely with customers to help them prepare for their external ISO audit and maintain the underlying management system after initial certification issuance. Engagements typically begin with an upfront gap assessment to identify where an organization’s existing security program falls short of ISO requirements. CompliancePoint’s ISO experts work with customers to design and implement the security controls, policies, and procedures that bring the organization into conformity with these nuanced ISO standards.

When an organization is ready to test its ISO compliance, Mastermind can conduct the third-party assessment and determine if certification can be issued under accreditation. Following a successful audit, Mastermind can perform the surveillance and recertification audits needed to keep the certification in good standing.

Organizations can utilize the CompliancePoint and Mastermind partnership to achieve certification with the following ISO standards and related extensions:

ISO 27001: This highly recognizable standard is designed to help organizations protect their data through an Information Security Management System (ISMS). CompliancePoint and Mastermind can also help with popular extensions, such as ISO 27017 and ISO 27018, which comprise relevant security and privacy controls for environments that leverage the public cloud.

ISO 27701: This privacy-focused standard protects personally identifiable information (PII) through a Privacy Information Management System (PIMS) while providing a snapshot of an organization’s alignment with laws, such as the European Union General Data Protection Regulation (GDPR).

ISO 42001: This new artificial intelligence (AI) standard is designed to mitigate risks associated with the development, implementation, and management of AI systems via an AI management system (AIMS). In July, Mastermind announced its award as the first certification body globally to offer these certification services under accreditation.

CompliancePoint and Mastermind can also help businesses obtain registration on the Cloud Security Alliance Security, Trust, Assurance, and Risk (CSA STAR) registry. Similar to ISO 27017, CSA STAR assesses additional security controls expected of cloud service providers as an extension to an underlying ISMS. Mastermind is part of a small group of approved Certified STAR Auditors.

“We’re excited to join forces with a company that has the proven level of ISO expertise of Mastermind,” said CompliancePoint President Greg Sparrow. “Our combined service offerings provide greater clarity and consistency throughout the process, saving our customers time and money, and ultimately leading to more successful outcomes with fewer headaches.”

“This alliance goes beyond a simple referral network, as both of our organizations share a strong foundation, a broad community, and a shared vision for the future of trust among service providers through verifiable, continuous assurance programs. We are intrigued by the opportunity to exchange insights on our overlapping areas of expertise and to further strengthen our combined specialization across these frameworks,” said David Forman, Chief Executive Officer at Mastermind.

About Mastermind

Mastermind is the most exclusively focused and expert-driven certification body on the planet, specializing in information security, privacy, and the responsible use of artificial intelligence in the cloud. Mastermind’s services comprise the assessment and accredited certification of management system scopes conforming to ISO 27001, ISO 27017, ISO 27018, ISO 27701, and ISO 42001, as well as CSA STAR. https://mastermindassurance.com.

About CompliancePoint

CompliancePoint is a leading provider of risk management services focused on privacy, data security, and compliance. Organizations face risks associated with how they engage and collect information from the marketplace, how they process this information internally, and with whom they share information downstream. Our mission is to help our clients interact responsibly with their customers and the marketplace through a full suite of services that help organizations manage and respond effectively to cybersecurity risks. Using our IDENTIFY, MITIGATE & MANAGE approach, we help organizations proactively analyze risk, respond to incidents & breaches, and implement long-term programs to manage and adapt to the ever-changing threat landscape. Learn more at www.compliancepoint.com.     
