Our security & privacy certification initiative
SkyKick takes its responsibilities with regards to data protection, information security, and compliance extremely seriously. We continuously work on improving our services by which we protect and secure your and your customers’ data.
SkyKick systems, policy, processes, and procedures are actively aligned with and audited on industry-recognized standards and best practices, such as the Cloud Security Alliance STAR program, the worldwide recognized cybersecurity standard ISO 27001, and the industry leading Data Pro Code on data protection and privacy.
More information on the SkyKick Cloud Security Alliance Trusted Cloud Provider Seal, its ISO 27001:2013 certification, ISO 27701:2019 certification and Data Pro certification which were attained through its rigorous security & privacy compliance program and independent third party audits can be found below.
Cloud Security Alliance – Trusted Cloud Provider
As a part of its continued commitment to providing Partners and Customers with top-notch security and privacy controls SkyKick has partnered with the Cloud Security Alliance, a global non-profit organization that promotes best practices for cloud security and provides a globally recognized framework for evaluating cloud providers.
SkyKick has obtained the Trusted Cloud Provider seal and the STAR (Security, Trust, Assurance & Risk) Level 1 (L1) from the Cloud Security Alliance. The STAR L1 attestation process is a rigorous self-assessment of a cloud provider’s security & privacy compliance posture, based on the Cloud Control Matrix as published by the Cloud Security Alliance.
The Cloud Control Matrix also maps to other industry standards and frameworks, giving SkyKick Partners and Customers a clear insight into the technical and organizational measures that SkyKick has already implemented in relation to ISO27001, ISO27701, CIS v8.0, NIST SP800-53 and the SOC2 (Service Organization Control 2) Trusted Service Criteria.
The Trusted Cloud Provider seal from the Cloud Security Alliance further demonstrates SkyKick’s full commitment to meet industry best practice and standards of excellence in security, privacy, and reliability through providing secure and trustworthy cloud services to Partners and Customers, which is further backed up by its existing ISO27001, ISO27701 and Data Pro certifications. The following security assessment documentation can be accessed online here:
- SkyKick Trusted Cloud Provider STAR registry listing
- SkyKick Consensus Assessments Initiative Questionnaire (CAIQ) v4.0.2
The CAIQ V4 registration includes a download of the Cloud Security Alliance security questionnaire based on the Cloud Control Matrix (CCM) version 4.
ISO 27001 & ISO 27701 Certification
Like most ISO management system standards, certification to ISO 27001 or ISO 27701 is not obligatory. Some organizations choose to implement these standards in order to benefit from the best practices they contain while others decide they also want to get certified to reassure customers and clients that its recommendations have been followed.
Certification by a certification authority demonstrates commitment to proactively manage and protect information and assets and ensure compliance with the relevant legal requirements. ISO 27001 details requirements for establishing, implementing, maintaining, monitoring, and improving an organization’s information security management system, and ISO 27701 prescribes the additional requirements for privacy information management.
SkyKick has worked diligently on implementing its global information security & privacy management system in adherence to the ISO 27001 & ISO 27701 standard and partners with DNV as its main ISO certification authority for its certification effort.
SkyKick has a attained ISO 27001 and ISO 27701 covering its global operations through certification of its two main sites and is working on further integrating requirements from the ISO 22301 standard (Business Continuity Management) and ISO 20000 standard (IT Service Management) into its integrated management system. The ISO 27001 and ISO 27701 Audit Reports, Certificates and accompanying Statement of Applicability can be accessed here:
ISO 27001 Certification (Security):
- SkyKick ISO 27001:2013 Audit Report
- SkyKick ISO 27001:2013 Certificate
- SkyKick Statement of Applicability version 4.0
ISO 27701 Certification (Privacy):
- SkyKick ISO 27701:2019 Audit Report
- SkyKick ISO 27701:2019 Certificate
- SkyKick Statement of Applicability version 5.0
The Certificates cover the two main sites: SkyKick LLC, the main headquarters, and SkyKick B.V. the EMEA headquarters which together serve all of SkyKick’s Partners and Customers worldwide.
Data Pro Certification
The Data Pro Code is the first code of conduct approved by the Dutch Data Protection Authority and is a Code of Conduct as defined under article 40 of the GDPR. For data processors, the Data Pro Code is an instrument to demonstrate compliance with the GDPR and handling customer data in a secure and privacy-friendly manner.
The Data Pro Code was developed by NLdigital, the main industry association for companies driving digital transformation. With recognizable members such as industry leaders Microsoft, Lenovo, T-Mobile, and Vodafone driving the spear of the initiatives, SkyKick was involved from an early stage.
As of its entry into the European Market, through its Dutch subsidiary and EMEA HQ, SkyKick immediately subscribed to and applied the Data Pro Code to demonstrate that personal data it is entrusted with is managed in a professional and GDPR-compliant manner.
SkyKick actively seeks to support its partners and customers to navigate the complexity of adhering to the GDPR. The Data Pro Code offers clarity and transparency on what they are entitled to expect. SkyKick has been certified against the Data Pro+ Code, which demonstrates GDPR compliance commensurate to the partners and customers it serves. A copy of the Certificate and the registration with SCOPE Europe can be accessed here.
The eight principles in the Data Pro Code represent a concrete implementation of the GDPR legislation and ensures openness and accountability towards customers.
For further details on SkyKick’s ISO 27001, ISO 27701 and Data Pro certification, and its global certification initiative please send an email to firstname.lastname@example.org.