Certifications
Global standards ensuring your data stays secure and your business stays compliant.
1
ISO/IEC 27001:2022
42Gears has been certified by the global Information Security Management System (ISMS) certification, ISO/IEC 27001. ISMS is a framework of procedures and policies that includes all technical, legal, and physical controls involved in a company's information risk management process.
Download ISO 27001 Certificate
Benefits of ISO 27001:
- Compliance with commercial, contractual, and legal responsibilities
- Improving processes and strategies
- Preventing fines and loss of reputation
- Retaining customers and winning new businesses
2
SOC 2 Type II Report
A SOC 2 Type II audit reports on controls at a service organization that are relevant to security, availability, processing integrity, confidentiality, and privacy. Conducted by an independent service auditor, this audit evaluates the design, implementation, and effectiveness of the controls 42Gears has put in place for its products SureMDM, SureLock, SureFox, SureVideo, and AstroContacts.
During the audit period, tests of controls were performed on controls as they existed and were applied to those controls relating to in-scope trust services criteria. The audit covered all the controls pertaining to the confidentiality, integrity, and availability of 42Gears. The report inspires trust and confidence in the company by showing that it is committed to the security of customer data.
A copy of the 42Gears SOC 2 Type II report is available under NDA. To get yours, please send a mail to sales@42gears.com.
During the audit period, tests of controls were performed on controls as they existed and were applied to those controls relating to in-scope trust services criteria. The audit covered all the controls pertaining to the confidentiality, integrity, and availability of 42Gears. The report inspires trust and confidence in the company by showing that it is committed to the security of customer data.
A copy of the 42Gears SOC 2 Type II report is available under NDA. To get yours, please send a mail to sales@42gears.com.
3
Information Commissioner's Office
The Information Commissioner's Office is an independent authority to uphold information rights in the interest of the public and data privacy for individuals in the UK.
The Data Protection Regulations 2018 requires organisations who process Personal Information to register with Information Commissioner's Office
You may view 42Gears ICO registration here.
You may view 42Gears ICO registration here.
4
Cyber Essentials
Cyber Essentials is a UK Government backed and industry supported scheme which provides a clear statement of basic controls that organizations should have in place to mitigate the risk from a wide range of Cyber threats. This certification assures customers that 42Gears has an understanding of the cyber security level and work towards securing the IT against cyber attack.
View our current Cyber Essentials Certificate and Cyber Essentials Plus Certificate.
5
PCI DSS Compliance
The Payment Card Industry Data Security Standard (PCI DSS) is a collection of security standards made to protect credit and debit cardholder data against theft and fraud. It is governed by the Payment Card Industry Security Standards Council (PCI SSC). PCI certification helps businesses build trustworthy and long-lasting relationships with their customers by safeguarding sensitive data and information.
PCI DSS certification is important for businesses that process credit or debit card transactions.
The PCI Standard defines the security requirements that merchants and service providers must follow to protect cardholder data. The standard requirements are a collection of people, processes, and technical requirements covering the protection of cardholder data processing, storage, transmission, and the security aspects of associated infrastructure, network, system components, applications, SIEM, vulnerability, and penetration testing.
There are 12 different requirements under the PCI DSS to secure cardholder data. The requirement description is mentioned here.
42Gears is now PCI DSS compliant.
42Gears' UEM deployment has been validated against all the PCI DSS requirements, and this demonstrates the company's complete compliance with the PCI DSS. During the assessment, the PCI QSA (qualified security assessor) verified all the applicable requirements for 42Gears' in-scope applications, such as the SureMDM web application, SureMDM Agent, SureLock, Enterprise Agent, and SureDefense mobile applications. 42Gears has implemented all 12 requirements applicable to PCI DSS and is committed to maintaining the security and confidentiality of payment card information. A copy of the 42Gears PCI DSS AOC is available under NDA. To get yours, please send an email to sales@42gears.com. You may view and download our current certificate from here.
6
Student Privacy Pledge
The Student Privacy Pledge, a collaborative effort led by The Future of Privacy Forum (FPF) and The Software & Information Industry Association (SIIA), seeks to safeguard the privacy of students in the collection, storage, and use of their personal information. Its goal is to prompt service providers to transparently communicate their practices and adhere to recognized standards.
In line with this dedication, 42Gears proudly serves as the Official Signatory and has voluntarily pledged its adherence to the Student Privacy Pledge, accessible at: https://studentprivacypledge.org/signatories/.
7
HIPAA Compliance with 42Gears
The Health Insurance Portability and Accountability Act (HIPAA), including its associated rules and regulations, mandates that covered entities and business associates implement specific safeguards to protect sensitive health information identifiable to individuals. This legislation also empowers individuals with certain rights regarding their health data.
At 42Gears, we deeply value data privacy and security, especially within sensitive sectors like healthcare. As a certified HIPAA Business Associate, we recognize the importance of safeguarding Protected Health Information (PHI) and ensuring compliance with stringent industry regulations.
While 42Gears does not gather, utilize, store, or maintain HIPAA-protected health information for its own use, 42Gears is designed and built to facilitate its customers' efforts towards achieving HIPAA compliance for their own applications and related internal services.
HIPAA mandates that Covered Entities sign a Business Associate Agreement (BAA) with its Business Associates. If you'd like to request our BAA template, please drop us a note at privacy@42gears.com.
A copy of the 42Gears HIPAA report is available under NDA. To get yours, visit our Trust Center and request the certificate link.
8
Network and Information Systems Directive (NIS2)
The EU's newly adopted Network and Information Systems Directive (NIS2) builds on NIS1, aiming to enhance cybersecurity across the EU by setting stricter requirements for critical infrastructure sectors. It enforces mandatory compliance for companies and government agencies, promoting a more unified and robust security posture across member states.
9
Digital Personal Data Protection (DPDP) Act, 2023
42Gears has been assessed by Data Secure for alignment with India’s Digital Personal Data Protection (DPDP) Act, 2023. This assessment confirms that our technical and operational safeguards meet the regulatory requirements for protecting digital personal data.
Benefits
Verified Data Privacy: Customers have independent assurance that 42Gears' data collection, processing, and storage practices align with the legal requirements of the DPDP Act 2023.
Strengthened Security Safeguards: The assessment confirms that 42Gears has implemented reasonable technical security controls to protect personal data across its products.
Regulatory Alignment: For organizations operating in or with India, using DPDP-assessed vendors simplifies their own compliance journey by ensuring their data processor meets national standards.
Transparency and Trust: The audit specifically reviewed consent mechanisms and privacy policies, ensuring that customers can rely on transparent data handling procedures.
