By Ravi Sabhikhi
The exchange of information is crucial to business operations across all industries. Cyber security, confidentiality and data privacy are common concerns with document exchanges and other forms of data transfer. Trust Your Supplier (TYS), owned & operated by the blockchain services and solutions company Chainyard, recognizes that these issues are critical to network participants. In response, Chainyard has successfully completed SOC 1 & SOC 2 Type 2 examinations to further cement our commitment to meeting the utmost in data security requirements.
At Chainyard, data security and data privacy are in our DNA. We ensure our clients’ security concerns are addressed across multiple areas. Chainyard built TYS, one of the largest supplier discovery and information management permissioned blockchain solutions, using a Hyperledger Fabric framework. This adds protection to the network by safeguarding the digital keys that access the data.
Deployed on the IBM Public Cloud using the IBM Blockchain Platform, TYS adheres to all IBM Data Center security policies. The TYS production team also runs daily vulnerability scans along with minute-to-minute logs and can generate system alerts for any anomaly, notifying the appropriate people to take immediate action as required. These defined processes using state-of-the-art technologies ensure Chainyard protects its devices and network against cyber attacks.
On the development side, the TYS team uses an Agile SDLC process where every user story is documented, and security concerns are addressed before each release of the TYS application.
At Chainyard we constantly monitor and adapt to the evolving and increasingly complex privacy landscape. The public awareness of privacy has grown over the past few years and was an instrumental factor in passing legislation such as the California Consumer Privacy Act of 2018 (CCPA), and more recently, the California Privacy Rights Act of 2020 (CPRA). While Europe has led the way with GDPR compliance, more states and countries are developing their own data privacy laws, such as South Africa’s Protection of Personal Information Act (often called the POPI Act or POPIA).
The TYS SaaS application is GDPR, POPIA, and CCPA compliant, with policies and procedures in place for data encryption in motion and at rest. Penetration tests (PEN tests) are performed multiple times a year by IBM X-Force Red in order to discover any security gaps and data vulnerabilities and to perform security checks on the web interface and other access interfaces. All PEN test findings are reported and fixed in order of priority, as required by their severity level. PEN test reports are available upon customer request.
Chainyard continues to demonstrate its strong focus on the privacy and security of our clients’ data by proactively and successfully completing Type 2 SOC 1 and SOC 2 examinations this year. This allows our clients to maintain peace of mind as they focus on improving lives and reducing costs. Mohan Venkataraman, Chainyard CTO, added that “our recent SOC 1 & SOC 2 certification is only one aspect of our growing infrastructure security program that includes, among other things, ongoing data privacy and confidentiality enhancements and platform security improvements to guard against cyber security threats”.
Established by the American Institute of Certified Public Accountants (AICPA), SOC 1 and SOC 2 examinations are designed for organizations across all industries and scope to ensure the personal and business assets of their potential and existing customers are protected. SOC 1 and SOC 2 reports are recognized globally and affirm that a company’s infrastructure, software, people, data, policies, procedures, and operations have been formally audited by a third party. Chainyard’s SOC exams were led by A-LIGN ASSURANCE (A-LIGN), an independent auditing firm focused on industry-leading security and compliance, and trusted by more than 2,500 global organizations.
A-LIGN’s Type 2 SOC 1 and SOC 2 audits of Chainyard’s infrastructure and internal processes revealed no exceptions, affirming that our company’s security policies, data protection, and privacy protocols meet or exceed the highest industry standards. These SOC examinations reinforce Chainyard’s commitment to information confidentiality and data security on the Trust Your Supplier network, and we plan to continue maintaining and re-evaluating our policies and measures to maintain this standard of excellence.
Chainyard will perform SOC 1 and SOC 2 audits on an annual basis and make the reports available to current clients upon request and to potential clients upon execution of a non-disclosure agreement. If you are interested in viewing these SOC reports, please contact us.