TripStax bolsters commitment to client data protection with ISO certification and SOC2® audit

Following an extensive auditing process, TripStax’s technology solutions have achieved ISO 27001 certification for the second year running. This year the certification also extends to include new TripStax Hotels module.  ISO 27001 is an information security standard created by the International Organization for Standardization (ISO), which provides a framework and guidelines for establishing, implementing, and managing an information security management system (ISMS). Certification to the ISO 27001 standard is recognised worldwide and indicates that TripStax’s ISMS is aligned with information security best practices. These requirements are a list of requisites that organisations need to implement and maintain to create a robust ISMS.

In addition, TripStax has been approved for ISO 27018 certification, a standard that is used to ensure cloud service providers adhere to best practices for handling data.  ISO 27018 establishes commonly accepted controls and guidelines for implementing measures to protect Personally Identifiable Information (PII) for the public cloud computing environment. These controls are split into privacy principles, including consent and choice, legitimacy, and specification of purpose.

Furthermore, TripStax has also successfully completed its Type 1 SOC 2® audit, a voluntary cyber-security compliance framework for service organisations, developed by the American Institute of CPAs (AICPA), which specifies how organisations should manage customer data. The primary purpose of SOC 2 is to ensure that third-party service providers store and process client data in a secure manner. The standard is based on the following trust services criteria: security, availability, processing integrity, confidentiality, privacy.

Scott Wylie, CTO TripStax commented: “Our entire technology and business proposition is built around innovative solutions for TMCs and corporates to manage travel data more effectively. Millions of our clients’ data transactions are being processed by the TripStax Core and within the cloud based TripStax modules on an annual basis. We therefore take the security, separation and integrity of that client data very seriously.

“It is vital that we can provide assurances to our customers that their data is secure and that we have extremely robust data management systems in place. The ISO certification and SOC 2 audit processes are meticulous and leave no stone unturned. They are also voluntary, but we believe it is imperative to undertake them. We are proud to have achieved these standards as this demonstrates unequivocally that our customers can trust TripStax to manage and protect their data with the utmost security,” said Scott Wylie.