We understand that many of our customers are required to perform due diligence of their suppliers. As a key supplier into many rigorously regulated industries, Sungard Availability Services takes a risk-based approach, utilizing defense-in-depth information security practices, to enable ongoing adherence to our regulatory obligations and the downstream requirements of our customers.
Below is a description of Sungard Availability Services’ certification and compliance programs:
SSAE 18/ISAE 3402
Statement on Standards for Attestation Engagements no. 18 (SSAE 18) and International Standard on Assurance Engagements 3402 (ISAE 3402) are assurance standards on reporting developed to give assurance to an organization’s customers that the organization has adequate internal controls. Sungard Availability Services’ SSAE 18 and ISAE 3402 assessments are focused on the services that are provided at data and recovery centers locations throughout North America and Europe, and the applicable services that are centralized in office locations around the world.
Sungard Availability Services utilizes an independent third party to perform an annual assessment and produce a SOC 1 Type 2 Report on the controls to deliver Managed Services to customers globally.
Sungard Availability Services utilizes an independent third party to perform an annual assessment and produce a SOC 2 Type 2 Report on the controls to deliver Managed Services to customers in North America.
Sungard Availability Services utilizes an independent third party to perform an annual assessment and produce an AT-C 205 Report on the controls to deliver Recovery Services to customers in North America.
ISO/IEC 27001 – Certificate # IS 610019
ISO/IEC 27001 is an international that specifies the requirements for establishing, implementing, maintaining and continually improving an Information Security Management System (ISMS). The Sungard Availability Services ISMS applies to the processes, people, and assets globally that support Managed Services, Cloud Services, and Recovery Services. The Sungard Availability Services ISMS and all data, operation, and recovery centers globally are certified to the ISO 27001 standard.
ISO/IEC 20000 – Certificate # ITMS 606404
ISO/IEC 20000 is the international standard that specifies the requirements for establishing, implementing, maintaining and continually improving a Service Management System (SMS). The Sungard Availability SMS is organized around a service-centric operating model, based on an ITIL v3 (Information Technology Infrastructure Library) and ITSM (Information Technology Service Management) structure. The Sungard Availability Services SMS that delivers Managed Services to customers globally is certified to the ISO 20000 standard.
ISO 22301 – Certificate # 10376150
ISO 22301 is the international standard that specifies the requirements to implement, maintain and improve a Business Continuity Management System (BCMS). Sungard Availability Services has a defined internal business continuity plan (BCP) and business continuity disaster recovery procedures for its staff, facilities, and services. The Sungard Availability Services BCMS and all Sungard Availability Services data and recovery centers globally are certified to the ISO 22301 standard.
The Payment Card Industry Data Security Standards (PCI DSS) set the operational and technical requirements for organizations accepting or processing payment transactions, and for software developers and manufacturers of applications and devices used in those transactions. Though not required to be compliant, Sungard Availability Services maintains a certification for the PCI DSS Requirements relevant to the Sungard Availability Services Global Management Network and Managed Services data centers to enable customers who are required to be compliant achieve their own certification.
Cyber Essentials – Certificate # IASME-CE-014969
Cyber Essentials is a United Kingdom government information assurance scheme operated by the National Cyber Security Centre (NCSC). With a narrower focus on technical controls, Cyber Essentials helps enterprises achieve certification of their supply chain security as an alternative to the ISO/IEC 27001 standard. Sungard Availability Services maintains a Cyber Essentials certification for the Global Organization and a Cyber Essentials Plus certification for the UK Sovereign Cloud service offering.
Health Data Hosting (HDS) – Certificate # HDS 737477
The French Public Health Code (Article L.1111-8) requires that hosts of certain types of digital health data achieve HDS (Hébergeur de Données de Santé) certification. Based on Sungard Availability Services’ ISO 20000 and ISO 27001 Certifications, the Sungard Availability Services Health Data Hosting Management System (HDHMS) is certified to the HDS standard as a “Physical Infrastructure Provider” for the following activities at Sungard Availability Services’ Lognes, France data center:
- Provision and maintenance in operational condition of physical sites for hosting the hardware infrastructure of the information system used to process the health data.
- Provision and maintenance in operation condition of the hardware infrastructure of the information system used to process the health data.
ISO 14001 is the international standard that specifies the requirements to implement, maintain and improve an Environmental Management System (EMS). Sungard Availability Services’ Sustainability Policy is based on a company-wide commitment to embed sustainability factors into the core operations of Sungard Availability Services' business. Sungard Availability Services works within the guidelines of the ISO 14001 environmental management standard. However, certification has not been achieved. Sungard Availability Services has been awarded a Bronze CSR rating by EvoVadis.
Crown Commercial Service’s Technology Services 3 Framework
Crown Commercial Service’s (CCS) Technology Services 3 (TS3) RM6100 framework supports the public sector to achieve maximum commercial value when procuring common goods and services. TS3 is the latest iteration of the highly successful Technology Services 2 framework for central government departments, non-departmental public bodies, NHS bodies and local authorities in the UK, covering ICT services from strategy to transition and operational deployment. On the TS3 framework, public sector departments will be able to access the company’s extensive IT services portfolio for terms of up to 5 years and beyond via the following Lots: Lot 3a: End User Services; Lot 3b: Operational Management; Lot 3c: Technical Management; and Lot 3d: Application & Data Management.