SOC 2 TYPE II-COMPLIANT CONDUCT AND COMPLIANCE SOLUTIONS

Behavox strictly adheres to SOC 2 Type II standards to deliver the industry’s most secure and trusted compliance and conduct risk mitigation.

WHAT IS SOC 2 TYPE II COMPLIANCE?

The American Institute of Certified Public Accountants (AICPA) System and Organization Controls (SOC) reports give assurance over control environments as they relate to the retrieval, storage, processing, and transfer of data.

Completion of SOC 2 Type II reports attests to our commitment to the security, availability and privacy of our products and protection of customer data.

Additional information can be found at: https://www.aicpa.org/

DUE DILIGENCE SECURITY RISK ASSESSMENT

Customers can now request the Behavox CyberGRX validated report for their third-party supplier due diligence. The CyberGRX platform simplifies the risk assessment process for Behavox and customers by distributing all future updates of new assessments and audited controls from a single source. The customers also can monitor the risk scores and receive data breach alerts from the platform.

THE ASSESSMENT DETAILS

Methodology

Third-party CyberGRX report provides a standardized vendor assessment survey, analysis and reporting based on the National Institute of Standards and Technology (NIST) SP 800-53 and International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) 27001 frameworks.

The assessment features five control groups:

Strategic

Operations

Core

Management

Privacy

The aforementioned groups include controls and sub-controls based on the following frameworks: SOC, ISO 27001, NIST 800-53, NIST 800- 171, NY-DFS, PCI DSS, FFIEC, SIG, and more

Remote and On-Site Validation

Remote and On-Site validation requires a third party to provide CyberGRX Analysts with evidence artifacts that support their assessment answers.

This validation process proceeds as follows:

Selection of Controls

Evidence Request and Collection

Evidence Submission

Evidence Evaluation

Framework Mapping

Upon registration to CyberGRX platform our customers will be able to request the latest completed Risk Assessment report and map the assessment results to industry frameworks as well as custom frameworks to gain granular visibility into controls coverage.

The mapped frameworks are including but not limited to the following:

Cybersecurity Maturity Model Certification (CMMC) Level 5

National Institute of Standards and Technology (800.53 Revision 5 & CSF)

Cloud Security Alliance (CSA-CCM & CAIQ)

MITRE ATT&CK Framework

California Consumer Privacy Act (CCPA)

General Data Protection Regulation (GDPR)

NYDFS Cybersecurity Regulation (23 NYCRR 500)

Threat Profile: Accellion File Transfer Application Breach

LogJam (CVE-2021-44228)