Gigasoft is a partner of Leaseweb Co, Netherlands.
Certifications
Our systems are certified by third-party auditors and comply with all the latest industry standards. Find out in detail about all the relevant certifications and assurance reports.
Description
We are compliant with the following standards:
- ISO 27001
- PCI DSS
- SOC1
- HIPAA
- NEN 7510
Find out more about compliance with each certificate and assurance report - and the scope of what is covered by each one of them.
Contents
- Security and compliance
- FAQ about security and certifications
- Do these certifications automatically mean that all my data is secure?
- Do you have a SOC2 report?
- Do you have a SAS70 report?
- Do you have an SSAE16 report?
- Can I perform my own data center or Leaseweb operations audits?
- Can I perform penetration tests on or from my own hosted infrastructure at Leaseweb?
- Can you customize your audits for me?
Security and compliance
Certifications and assurance reports ensure logical security, physical security, service deployment, customer support, incident management, change management, and operational resilience meet industry-leading standards. ISO 27001, PCI DSS, SOC1, HIPAA, and NEN 7510 certifications/assurance reports and our external audit partners are recognized all around the world.
1.1 ISO 27001
The International Organization for Standardization (ISO) 27001:2013 is the international security standard used to benchmark the protection of sensitive data. ISO 27001 is recognized as the premier information security standard around the world.
Certified Leaseweb entities
The following independent Leaseweb companies are covered by this certification:
- Leaseweb Netherlands B.V.
- Leaseweb Global Services B.V.
- Leaseweb Deutschland GmbH
- Leaseweb USA, Inc.
- Leaseweb Asia Pacific Ltd
Services covered
The following services are certified:
- Cloud
- Bare Metal / Dedicated Servers
- Colocation
- Webhosting
- Domains
ISO 27001 version
Leaseweb is certified according to the latest (2013) version of the ISO/IEC 27001 standard.
Certifying agent
Certification was carried out by EY CertifyPoint. EY CertifyPoint is accredited by the Raad voor Accreditatie (RvA), which is a member of the International Accreditation Forum (IAF). Their certificates are recognized as valid in all IAF member countries.
Certificate register
The certificate is listed in the certificate register of CertifyPoint.
Certificate download
You can download a copy of the certificate.
ISO 27001 Bridge Letter
ISO 27001 certified by association
As a client or reseller, you are not certified by association. However, as Leaseweb is ISO 27001 certified, it will make your own certification process easier.
Official ISO 27001 standard
You can purchase a copy online from www.iso.org.
1.2 PCI DSS
Payment Card Industry Data Security Standard (PCI DSS) certifies online credit card transactions and ensures that credit card data and personal, privacy-sensitive information is protected from theft. Please note that considering our service delivery, our certification covers only physical security aspects of the standard. Our services are by default not meant to process or store credit card transactions.
Certified Leaseweb entities
The following independent Leaseweb companies are covered by this certification:
- Leaseweb Deutschland GmbH (FRA10)
- Leaseweb USA, Inc. (WDC1)
Certified data centers
The following data centers in our portfolio are certified:
- AMS-01
- AMS-10
- FRA-10
- WDC-01
- SIN-11
- HKG-10
Services covered
The PCI Data Security Standard (PCI DSS) ensures the secure handling of sensitive information and is intended to help organizations proactively protect customer account data.
As Leaseweb does not monitor or have access to customer data, applicability of the PCI DSS certification is restricted to physical security access to customer equipment through a combination of management systems and physical access safeguards and procedures. The covered aspects of the PCI DSS certification are: 9.1 to 9.4, 9.10, 10.6.1, 11.1.2, 12.1, 12.2, 12.4 to 12.10.
Included | Excluded |
---|---|
Hosting provider: | Hosting provider: |
A- Physical space (co-location); B- Security services; C- Secured housing services | A- Shared Hosting provider; B- Cloud services |
Managed services: | Managed services: |
A- Physical security | A- IT Support |
Network provider |
Certificate version
Leaseweb is certified according to the latest version (3.0) of the PCI DSS standard.
Quality Security Assessor
The assessments were carried out by our global QSA partner ComSec Consulting.
Applicability
All merchants manage their own PCI DSS certification. Your QSA can rely on our PCI compliance but you will still be required to satisfy all other PCI compliance and testing requirements including how you manage the cardholder environment that you host with the relevant Leaseweb entity.
Attestation of Compliance (AoC)
Please contact your Account Manager or our Sales department if you would like to receive a copy of the Attestation of Compliance (AoC).
1.3 SOC1
Service Organization Controls 1 (SOC1) reports attest that the Leaseweb control objectives are appropriately designed and that the controls are operating effectively. Normally, SOC1 is associated with financial controls, but given the type of our business, we broadened the remit of our assurance reports to reflect our close connection with IT issues. This also enhances their relevance to you as a customer and to your operations.
There are two types of reports: type I and type II, where type II adds an extended assertion and auditor’s opinion on the operating effectiveness of your controls.
Leaseweb entities
All the independent Leaseweb companies have a SOC1 assurance report:
- Leaseweb Netherlands B.V. (Type II)
- Leaseweb Deutschland GmbH (Type II)
- Leaseweb USA, Inc. (Type II)
- Leaseweb Asia Pacific Ltd (Type II)
Services covered
The following services are covered in these reports:
- Cloud
- Bare Metal/Dedicated Servers
- Colocation
- Webhosting
- Domains
Control objectives
Objective area | Objective description | Included in report |
---|---|---|
Logical security | Controls provide reasonable assurance that logical security is appropriately implemented, administered and logged to safeguard against unauthorized access to or modifications of the customer portal that our clients are using to administer their infrastructure and administration. | A- Leaseweb Netherlands; B- Leaseweb Deutschland; C- Leaseweb USA; D- Leaseweb Asia Pacific |
Physical security | Controls provide reasonable assurance that physical access to the data centers is restricted to authorized individuals to prevent unauthorized use, disclosure, modification, damage or loss of data. | A- Leaseweb Netherlands; B- Leaseweb USA |
Service deployment | Controls provide reasonable assurance that services to clients are appropriately deployed and managed to ensure a timely and standardized delivery. | A- Leaseweb Netherlands; B- Leaseweb Deutschland; C- Leaseweb USA; D- Leaseweb Asia Pacific |
Customer support | Controls provide reasonable assurance that the customer support teams timely and effectively act on client’s infrastructure problems to minimize service disruptions. | A- Leaseweb Netherlands; B- Leaseweb Deutschland; C- Leaseweb USA; D- Leaseweb Asia Pacific |
Incident management | Controls provide reasonable assurance that incidents on the shared infrastructure are appropriately managed, resolved and analyzed to minimize disruption and impact of the services. | A- Leaseweb Netherlands; B- Leaseweb Deutschland; C- Leaseweb USA; D- Leaseweb Asia Pacific |
Change management | Controls provide reasonable assurance that changes on the shared infrastructure are appropriately managed to minimize the disruption and impact of the services. | A- Leaseweb Netherlands; B- Leaseweb Deutschland; C- Leaseweb USA; D- Leaseweb Asia Pacific |
Operational resilience | Operations are appropriately managed to safeguard the data center facilities to avoid and minimize service disruptions. | A- Leaseweb Netherlands; B- Leaseweb USA |
SOC1 certificate download
You can download a copy of the different SOC1 certificates on our Compliance & Security page.
International standard (ISAE 3402)
The independent third-party audit for the various Leaseweb reports has been conducted in accordance with the International Standard on Assurance Engagements No. 3402 (ISAE 3402), Dutch law, and attestation standards established by the American Institute of Certified Public Accountants (AICPA).
Independent third-party auditor
The SOC1 examinations of the independent Leaseweb companies are performed by Ernst & Young Accountants LLP.
Period covered
Our SOC1 reports are issued on an annual basis and cover the period January 1 – December 31. New reports will be issued at the end of January of each year. An assurance report is always based on the previous year.
SOC1 report by association
As a client or reseller you do not have a SOC1 report by association, but as Leaseweb has a SOC1 report it will make your compliance process easier.
1.4 HIPAA
The Health Insurance Portability and Accountability Act (HIPAA) sets out standards for security controls to protect health information stored or processed online. Although there is no specific HIPAA certification for service providers like Leaseweb, EY has issued us with a third party statement that recognizes our platform as being compliant with HIPAA’s requirements.
Version
The provided third party statement is based on the Health Information Security provisions of HIPAA Administrative Simplification Regulations set forth in 45 CFR Parts 160, 162, and 164 (as amended through March 2013) for Health Information Security provisions of Title II of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), as of May 29, 2015.
Compliant entities
Considering this is a US standard, only Leaseweb USA, Inc. is compliant. Leaseweb Netherlands B.V., however, is compliant with the Dutch Health care standard NEN 7510.
Compliant data centers
Leaseweb USA, Inc. - WDC-01
Processes covered
Given the type of services offered by Leaseweb USA, Inc., their HIPAA compliance is focused on physical security, operational resilience, incident management, and service deployment.
Third party auditor
The HIPAA compliance examination is performed by Ernst & Young Accountants LLP.
Statement download
You can download a copy of the HIPAA compliance statement on our Compliance & Security page.
HIPAA compliant by association
As a client or reseller you are not HIPAA compliant by association, but as Leaseweb USA, Inc. has a HIPAA compliance statement it will make your compliance process easier.
1.5 NEN 7510
NEN 7510 is the standard developed by the Nederlands Normalisatie Institute for information security in the health sector. We have received a third party statement by EY for compliance with the NEN 7510’s requirements.
Version
The examination is performed according to the latest version of the NEN 7510 standard.
Compliant entities
Considering this is a Dutch standard, only Leaseweb Netherlands B.V. is compliant. Leaseweb USA, Inc., however, is compliant with the US Health care standard HIPAA (Health Insurance Portability and Accountability Act).
Compliant data centers
Leaseweb Netherlands B.V. - AMS-01
Processes covered
Given the type of services offered by Leaseweb Netherlands B.V., our NEN 7510 compliance is focused on physical security, information security policy, risk management, operational resilience, incident management and service deployment.
Third party auditor
The NEN 7510 compliance examination is performed by Ernst & Young Accountants LLP.
Statement download
You can download a copy of the NEN 7510 compliance statement on our Compliance & Security page.
NEN 7510 compliant by association
As a client or reseller you are not NEN 7510 compliant by association, but as Leaseweb Netherlands B.V. has a NEN 7510 compliance statement it will make your compliance process easier.
Official NEN 7510 standard
You can download a copy online from NEN.
2. FAQ about security and certifications
Do these certifications automatically mean that all my data is secure?
As a customer of Leaseweb, you share the responsibility of the IT environment and the protection of data.
We manage the security of the shared infrastructure and make sure that our cloud infrastructure, dedicated servers, and network operate in a controlled and secure manner, that the physical security of our data centers is in place, and that you can safely use our Customer Portal. As a customer, you are responsible for the security in your own infrastructure. This means OS management, encryption, (security) patching, access control, application management, firewall settings and back-ups.
Do you have a SOC2 report?
We do not have a SOC2 report.
However, we do have SOC1 assurance reports in place for all the independent Leaseweb companies. SOC1 is a similar standard to SOC2: both are reports on controls at a service organization and are audited by accountants. The difference is that SOC2 has a mandatory set of controls. At the moment we consider SOC1 the preferred internal standard due to its flexibility: it allows us to completely tailor and update the framework to our activities, risks and client expectations.
Do you have a SAS70 report?
SOC1 reports have effectively replaced SAS 70 reports as of June 15, 2011.
Do you have an SSAE16 report?
Please refer to our SOC1 reports. Our SOC1 reports have been conducted in accordance with the International Standard on Assurance Engagements No. 3402 (ISAE 3402), which, like the Statement on Standards for Attestation Engagements No. 16 (SSAE 16), prescribes Service Organization Control reports.
The difference is that SSAE 16 is issued by the American Institute of Certified Public Accountants (AICPA) and the ISAE 3402 is issued by the International Auditing and Assurance Standards Board (IAASB).
Can I perform my own data center or Leaseweb operations audits?
We are unable to support this because potentially thousands of customers could then audit our services and facilities. In addition, this would expose our infrastructure and facilities to additional risks.
We do understand that you need to have confidence that we meet security and compliance objectives. To help you in this and give the reassurance you need, we employ independent third party auditors to state and certify that our systems, data centers and processes comply with all the latest industry standards. Please visit our Compliance & Security page for the complete overview.
Can I perform penetration tests on or from my own hosted infrastructure at Leaseweb?
Permission is required for all penetration tests to or originating from Leaseweb resources.
Please contact our security department first to request authorization for penetration testing. Be aware that we do not permit penetration testing on all our services as this could have potential negative performance impacts on shared resources in our infrastructure. Our security department can inform you about this.
Can you customize your audits for me?
Due to the size of our customer base and global operations, we are unable to customize our audits based on individual client needs.