²ÝÝ®ÊÓƵ ?? ??
²ÝÝ®ÊÓƵ ?? ?? ????
²ÝÝ®ÊÓƵ? ??? ?? ?? ????? ??? ?? ? ???? ??? ???? ?? ???? ??? ??? ???? ???? ?? ?? ???? ????? ??? ??? ?3? ?? ? ?? ???? ?????.
²ÝÝ®ÊÓƵ ?? ?? ???
SOC 1
?? ??: ²ÝÝ®ÊÓƵ ?????? ??, ²ÝÝ®ÊÓƵ Adaptive Planning, ²ÝÝ®ÊÓƵ VNDLY
SOC(Service Organization Controls) 1 ?????? ??? ??? ?? ??? ?? ??? ?????. ??? ??? ?? ??? ?? ?? ??? ?? ?? ????.
SOC 1 Type II ???? ISAE(International Standard on Assurance Engagements) 3402(??? ??? ??? ?? ?? ???) ??? ?? ?????. SOC 1 ???? ²ÝÝ®ÊÓƵ ?????? ???? ??????? ???? ??? ?? ? ?? ???? ????.
SOC 2
?? ??: ²ÝÝ®ÊÓƵ ?????? ??, ²ÝÝ®ÊÓƵ Adaptive Planning, ²ÝÝ®ÊÓƵ Strategic Sourcing, ²ÝÝ®ÊÓƵ Peakon Employee Voice, ²ÝÝ®ÊÓƵ VNDLY, HiredScore AI for Recruiting, HiredScore AI for Talent Mobility, ²ÝÝ®ÊÓƵ Contract Lifecycle Management, powered by Evisort AI
SOC 2 Type II ?????? ?3?? ??? ²ÝÝ®ÊÓƵ ?? ??? ?? ???? ??? ??? ?????.
SOC 2 ???? ?????????(AICPA) TSC(Trust Services Criteria)? ???? ??, AICPA AT Section 101(?? ??)? ???? ?? ?????. SOC 2 ???? ²ÝÝ®ÊÓƵ ??????? ??? ?? ???? ???? ?? ???? ???? ??? ?? ? ?? ???? ??? ????. ²ÝÝ®ÊÓƵ ?????? ?? SOC 2 ???? ?? TSC ??(??, ???, ?? ??, ?? ???, ???? ??)? ????. ??, ? ?????? SOC 2+ Additional Subject Matter ????? ??? NIST CSF(Cybersecurity Framework) ? NIST 800-171? ????. ???? ? ?????? ²ÝÝ®ÊÓƵ ??? ???? ???? ?? ?????.
SOC 3
?? ??: ²ÝÝ®ÊÓƵ ?????? ??, ²ÝÝ®ÊÓƵ Adaptive Planning, ²ÝÝ®ÊÓƵ Peakon Employee Voice, ²ÝÝ®ÊÓƵ Strategic Sourcing
AICPA? ?????? ???? ???? ??? ?? ?? ?? ? ???? ??? ?? SOC 3 ?????? ??????.
SOC 3 ???? ²ÝÝ®ÊÓƵ ?? ??? ?? ???? ???? ?3?? ?????. ????? ?? ??? ? ?????? ?? ???? ??, ???, ?? ??, ?? ???, ???? ??? ?? ²ÝÝ®ÊÓƵ ?? ??? ????? ?????.
²ÝÝ®ÊÓƵ ?????? ??? ?? SOC 3 ???? ??????.
²ÝÝ®ÊÓƵ Adaptive Planning? ?? SOC 3 ???? ??????.
²ÝÝ®ÊÓƵ Peakon Employee Voice? ?? SOC 3 ???? ??????.
²ÝÝ®ÊÓƵ Strategic Sourcing? ?? SOC 3 ???? ??????.
ISO 27001
?? ??: ²ÝÝ®ÊÓƵ ?????? ??, ²ÝÝ®ÊÓƵ Adaptive Planning, ²ÝÝ®ÊÓƵ Strategic Sourcing, ²ÝÝ®ÊÓƵ VNDLY, ²ÝÝ®ÊÓƵ Peakon Employee Voice
²ÝÝ®ÊÓƵ? ?? ?? ?? ???(ISMS)? ? ???? ???? ? ?? ?? ?? ?? ??? ??? ?????.
²ÝÝ®ÊÓƵ ?????? ??, ²ÝÝ®ÊÓƵ Adaptive Planning, ²ÝÝ®ÊÓƵ Strategic Sourcing, ²ÝÝ®ÊÓƵ Peakon Employee Voice? ?? ²ÝÝ®ÊÓƵ? ?? ISO 27001 ??? ??????.
VNDLY? ?? ²ÝÝ®ÊÓƵ? ISO 27001 ??? ??????.
ISO 27017
?? ??: ²ÝÝ®ÊÓƵ ?????? ??, ²ÝÝ®ÊÓƵ Adaptive Planning
? ??? ???? ??? ????? ? ??? ???? ?? ?? ??? ?? ?? ? ?? ??? ?????.
²ÝÝ®ÊÓƵ ?????? ?? ? ²ÝÝ®ÊÓƵ Adaptive Planning? ?? ²ÝÝ®ÊÓƵ? ?? ISO 27701 ??? ??????.
ISO 27018
?? ??: ²ÝÝ®ÊÓƵ ?????? ??, ²ÝÝ®ÊÓƵ Adaptive Planning
? ??? ?? ??? ??? ???? ??? ???? ?? ?????.
²ÝÝ®ÊÓƵ ?????? ?? ? ²ÝÝ®ÊÓƵ Adaptive Planning? ?? ²ÝÝ®ÊÓƵ? ?? ISO 27701 ??? ??????.
ISO 27701
?? ??: ²ÝÝ®ÊÓƵ ?????? ??, ²ÝÝ®ÊÓƵ Adaptive Planning
? ??? ISO/IEC 27001? ????? ???? ?? ???(PIMS) ?? ? ?? ??? ?? ??? ??? ?????.
²ÝÝ®ÊÓƵ ?????? ?? ? ²ÝÝ®ÊÓƵ Adaptive Planning? ?? ²ÝÝ®ÊÓƵ? ?? ISO 27701 ??? ??????.
ISO 42001
?? ??: ²ÝÝ®ÊÓƵ HCM(Human Capital Management), ²ÝÝ®ÊÓƵ ?? ??, ²ÝÝ®ÊÓƵ ??, ²ÝÝ®ÊÓƵ ?? ??, ²ÝÝ®ÊÓƵ Adaptive Planning, ²ÝÝ®ÊÓƵ Peakon Employee Voice, ²ÝÝ®ÊÓƵ ??, ²ÝÝ®ÊÓƵ ?? ??, ²ÝÝ®ÊÓƵ ?? ??, ²ÝÝ®ÊÓƵ ?? ? ??, ²ÝÝ®ÊÓƵ ??? ? ?? ??
ISO 42001? ?? ??? AI ?? ???(AIMS)? ??, ??, ?????? ?? ???? ?? ??? ??? ?? ?????. AI ?? ???? ???? ????? ???? ???? ?? ?????? ?? ?? AI ??? ??? ??? ?????.
?? ISO 42001 ???? ??????.
NIST AI ??? ?? ?????(NIST AI RMF)
?? ??: ²ÝÝ®ÊÓƵ, Inc.
NIST AI ??? ?? ?????(AI RMF)? ??, ??, ?? ???? AI? ??? ???? ????? ?? ??? ?? AI ??? ?? ? ?? ?? AI ??? ??? ???? ?? ???????. ???? ??? ???? ? ?????? AI ??, ???, ???? ??, ??, ??, ??? ??? ????? ? ????? ???? ?? ?? ??? ???.
²ÝÝ®ÊÓƵ? NIST AI ??? ?? ????? ??? ??????.
TRUSTe ?????? ???? ?? ? ??? ???? ??
?? ??: ²ÝÝ®ÊÓƵ ?????? ??, ²ÝÝ®ÊÓƵ Adaptive Planning, ²ÝÝ®ÊÓƵ Strategic Sourcing
²ÝÝ®ÊÓƵ? TRUSTe ?????? ???? ?? ? ??? ???? ???? ????? ???? ????.
²ÝÝ®ÊÓƵ? ?? ????? ? SIG ????? ?? ??? ???? ?? ? ??? ???? ????? ??? ?? ??? ?? ? ?? ??, ???? OECD ???? ?? ?????, APEC ???? ?? ?????, ?? ?? ???? ???(GDPR), ?? HIPAA(Health Insurance Portability and Accountability Act), ISO 27001 ?? ?? ?? ??? ?? ??, ? ?? ? ?? ???? ??? ? ??? ???? ??? ??? ? ????.
²ÝÝ®ÊÓƵ? TRUSTe ? ??????.
SIG ???
?? ??: ²ÝÝ®ÊÓƵ ?????? ??, ²ÝÝ®ÊÓƵ Adaptive Planning, ²ÝÝ®ÊÓƵ Strategic Sourcing, ²ÝÝ®ÊÓƵ Peakon Employee Voice, ²ÝÝ®ÊÓƵ VNDLY
SIG(Standardized Information Gathering) ???? ??? ??? ?? ??? ? ???? ?? ?? ? ??? ??? ???? ? ???? ?? ??? ??? ??? ????.
SIG? ?3? ??? ?? ?? ??? ??? Shared Assessments?? ?????. ²ÝÝ®ÊÓƵ? ?? SIG ?? ??? ???? ²ÝÝ®ÊÓƵ ?? ??? ?? ??? ??? ???? ???? ???? ???? ?????. ??? ²ÝÝ®ÊÓƵ Community?? ? ???? ? ????.
NIST CSF? NIST 800-171
?? ??: ²ÝÝ®ÊÓƵ ?????? ??
NIST CSF? ???? ??? ?? ???? ? ????? ??, ??, ??? ??? ?? ??? ?????. NIST ???? ?? ?????? ??? ???? ?? ????? ???? ???? ? ??? ??? ?????. NIST 800-171 ??? ?? ?? ??? ?? ?? ??? ? ???? ??? ?? ?? ?? ??(Controlled Unclassified Information)? ??? ?? ?????.
²ÝÝ®ÊÓƵ? ²ÝÝ®ÊÓƵ? SOC 2 ??? NIST CSF, NIST PF ? NIST 800-171 ??? ????, ? ??? ?? ??? ²ÝÝ®ÊÓƵ SOC 2+ ???? ??????.
TrustArc ? ??? ?? ?????
?? ??: ²ÝÝ®ÊÓƵ ?????? ??, ²ÝÝ®ÊÓƵ Adaptive Planning, ²ÝÝ®ÊÓƵ Strategic Sourcing
²ÝÝ®ÊÓƵ? ??? ?? ????? ????? ????? ???? ????. ²ÝÝ®ÊÓƵ? ??? ?? ????? ?3? ?? ???? TRUSTe? ?????.
²ÝÝ®ÊÓƵ? ??? ?? ????? ? ??????.
EU ???? ????
?? ??: ²ÝÝ®ÊÓƵ ?????? ??, ²ÝÝ®ÊÓƵ Adaptive Planning
EU ???? ????(CCoC)? ???? ??? ???(CSP)? GDPR ?? ?? ??? ???? ?? ??? ???? ???? ????.
?? ID: 2019LVL02SCOPE001
²ÝÝ®ÊÓƵ ? ??????.
HIPAA
?? ??: ²ÝÝ®ÊÓƵ ?????? ??
²ÝÝ®ÊÓƵ? ²ÝÝ®ÊÓƵ ?????? ??? ?? HIPAA(Health Insurance Portability and Accountability Act) ?3? ??? ??????. ?? ²ÝÝ®ÊÓƵ? HIPAA ?? ?? ????? ?? ?? ?? ?? ? ?? ??? ??, ???, ??? ??? ??? ??? ???? ??? ?????.
FedRAMP Moderate
?? ??: ²ÝÝ®ÊÓƵ ?????? ??
FedRAMP(Federal Risk and Authorization Management Program)? ?? ??? IT ??? ???? ?? ???? ????? ???? ??? ???????. FedRAMP? ???? ??? ?? ? ???? ???? ???? ??? ?????. ?? ??? ? ????? ?? ?? ???? ?????? ??? ???? ?? ???? ??? ??? ? ????.
²ÝÝ®ÊÓƵ? ²ÝÝ®ÊÓƵ Government Cloud? ?? ?? ?? ???? FedRAMP ?? Moderate ??? ??????.
G-Cloud
?? ??: ²ÝÝ®ÊÓƵ ?????? ??, ²ÝÝ®ÊÓƵ Adaptive Planning, ²ÝÝ®ÊÓƵ Peakon Employee Voice
G-Cloud ?????? ?? ??? ???? ?? ??? ??? ? ?????.
G-Cloud? ???? ?? ??? ???? ?? ?? ??? ??? ???? ?? ?? ? ???? ???? ???? ??? ?????. G-Cloud ?????? ?? ??? CSS(Crown Commercial Services)?? ? 1? ???????.
?? ?? ?? ??? CCS ??? ??????? ?? ²ÝÝ®ÊÓƵ ??? ??? ??? ? ????.
Cyber Essentials Plus
?? ??: ²ÝÝ®ÊÓƵ ?????? ??, ²ÝÝ®ÊÓƵ Adaptive Planning, ²ÝÝ®ÊÓƵ Strategic Sourcing, ²ÝÝ®ÊÓƵ Peakon Employee Voice, ²ÝÝ®ÊÓƵ VNDLY
Cyber Essentials Plus? ?? ??? ???? ???? ?? ??? ??? ???? ??? ??? ?? ?? ??? ?? ?? ???????.
²ÝÝ®ÊÓƵ? Cyber Essentials Plus ? ??????.
Australian IRAP
?? ??: ²ÝÝ®ÊÓƵ ?????? ??, ²ÝÝ®ÊÓƵ Adaptive Planning
?? ??? ???? ???? ??? ICT ??? ??? ?? ??? ????? ?????. ??? ???? ISM(Information Security Manual) ? PSPF(Protective Security Policy Framework)? ?? ??????. ?? ??? ?? ??(ACSC)? ???? IRAP(Infosec Registered Assessors Program)?? ??? ISM ? PSPF ??? ???? ???? ??? ?? ???? ?????.
²ÝÝ®ÊÓƵ? ?3? ???? ???? ²ÝÝ®ÊÓƵ ???? ??? ???? PROTECTED ???? ISM ? PSPF ??? ???? ?? IRAP ??? ?????.
CSA ?? ???? ????
?? ??: ²ÝÝ®ÊÓƵ ?????? ??, ²ÝÝ®ÊÓƵ Adaptive Planning, ²ÝÝ®ÊÓƵ Strategic Sourcing, ²ÝÝ®ÊÓƵ Peakon Employee Voice, ²ÝÝ®ÊÓƵ VNDLY
?? CAS(Cloud Security Alliance) ????? ???? ?? ???? ???? ?? ???????. ??? ???? ??? ???? ??? ?? ??? ?????? ?? ??? ???? ???? ????? ???? ???? ??? ??? ? ????.
CSA STAR ?? ??
?? ??: ²ÝÝ®ÊÓƵ ?????? ??, ²ÝÝ®ÊÓƵ Adaptive Planning, ²ÝÝ®ÊÓƵ Strategic Sourcing, ²ÝÝ®ÊÓƵ Peakon Employee Voice, ²ÝÝ®ÊÓƵ VNDLY
CSA(Cloud Security Alliance) STAR(Security, Trust & Assurance Registry) CAIQ(Consensus Assessments Initiative Questionnaire)? ?? ??? ? ??? ?? ?? ??? ?? ?? ?? ??? ??? ??? ????. ?? ²ÝÝ®ÊÓƵ ??? ?? ?? ?? ?? ??? CSA? ??? ?????.
²ÝÝ®ÊÓƵ? CSA STAR Registry?? STAR Level 1 ??? ?????. STAR Registry?? ²ÝÝ®ÊÓƵ ??? ??????.
TISAX
?? ??: ²ÝÝ®ÊÓƵ ?????? ??, ²ÝÝ®ÊÓƵ Adaptive Planning, ²ÝÝ®ÊÓƵ Strategic Sourcing
?????????(VDA)? ???? ?? TISAX(Trusted Information Security Assessment Exchange)? ?????. ? ??? ?? ??? ??? ?? ?? ???? ?? ???? ???? ?? ??? ?????.
??? ?? ??? ? ????.
CCCS CSP ITS ??
?? ??: ²ÝÝ®ÊÓƵ ?????? ??
??? ??? ?? ??(CCCS)? ??? ??(GC) ?? ? ??? CSP ??? ??? ????? ???? ??? ???(CSP) ?? ?? ??(ITS) ?? ????? ??????. CCCS? CSP? ???, ???, ??? ITS ??? ?? ??? ??? ?????. ? ????? ?? ???? ? ??? ??? ??? ??? ???? ??/??? ?? ??? ?????? ?????. ?? ?? ??? ??? ???(Treasury Board of Canada Secretariat)?? ???? PB/M/M(Protected B, Medium Integrity, and Medium Availability) ??? ?????.
TX-RAMP
?? ??: ²ÝÝ®ÊÓƵ ?????? ??, ²ÝÝ®ÊÓƵ Adaptive Planning, ²ÝÝ®ÊÓƵ Strategic Sourcing, ²ÝÝ®ÊÓƵ Peakon Employee Voice, ²ÝÝ®ÊÓƵ VNDLY
TX-RAMP(Texas Risk and Authorization Management Program)? ???? ?? ??? ???? ???? ???? ?? ? ???? ?? ??? ???? DIR ???????. ???? ??? ???? ??? DIR ?????? ????, ?? ?? ??? ???? ???. TX-RAMP? ?? ?? 475? ??? ???? ???????.
²ÝÝ®ÊÓƵ? TX-RAMP ?? 2 ??? ?????.
??? ??