ISO/IEC 27001:2013 (e) and ISO/IEC 27701:2019 Certified
Orbita takes threats to the availability, integrity, and confidentiality of our clients’ information seriously. As such, Orbita is an ISO/IEC 27001:2013 and ISO/IEC 27701:2019 certified provider whose Information Security Management System (ISMS) and Privacy Information Management System (PIMS) have received third-party accreditation from the International Standards Organization.
ISO/IEC 27001:2013 is an information security standard, and ISO/IEC 27701:2019 is a privacy information management system standard that extends ISO/IEC 27001:2013. Both are published by the International Organization for Standardization (ISO), the world’s largest developer of voluntary international standards, and the International Electrotechnical Commission (IEC). This certification establishes the basis for development and implementation of a comprehensive security and privacy management program, including the development and implementation of an Information Security Management System and a Privacy Information Management System (ISMS/PIMS). Orbita’s PIMS and ISMS specify an information security and privacy information management framework and comprehensive security controls following the ISO/IEC 27002 best practice guidance. Certification to ISO/IEC 27001 and ISO/IEC 27701 validates that Orbita’s Platform is being managed with the following relevant processes:
- Systematic strategy for the consideration and management of security and privacy risks, including the likelihood and impact of threats and vulnerabilities.
- Design of comprehensive primary and compensating security and privacy controls to treat risks associated with Orbita’s Platform.
- Management oversight and involvement with preventative and corrective actions needed to address issues and make improvements.
- Processes for continuous improvement are in place to ensure that the information security and privacy controls meet our needs on an ongoing basis.
- Internal and external audits, testing, and assessments are in place to ensure compliance with ISO 27001 and associated security and privacy controls.
ISO/IEC 27701:2019 is a privacy information management system standard published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) and is an extension to the ISO/IEC 27001:2013 Information security management standard.
A-lign, an independent, third-party auditor, found Orbita to have policies, procedures, and technical controls in place according to the standard. A-lign is an ISO/IEC 27001 certification body accredited by the ANSI-ASQ National Accreditation Board (ANAB) to perform ISO 27001 certifications. Orbita has implemented security measures and countermeasures that protect it from unauthorized access or compromise, and IT personnel were found to be conscientious and knowledgeable in best practices.
Compliance with this internationally recognized standard confirms that Orbita’s security management program is comprehensive and follows leading practices. The scope of Orbita’s ISO/IEC 27001:2013 and ISO/IEC 27701 certifications includes:
The scope of the ISO/IEC 27001:2013 certification is limited to the Information Security Management System (ISMS) and the requirements and control implementation guidance of ISO/IEC 27701:2019 for a Privacy Information Management System (PIMS) as a Data Processor. Further, the scope addresses the information security and privacy protection policies, processes, and controls to support the Orbita Platform with a distributed remote workforce, in accordance with the Statement of Applicability, version 1.5, dated November 18, 2021. The ISMS and PIMS are in place to protect the confidentiality, integrity, and availability of the information assets including internal data, customer data, personally identifiable information (PII), protected health information (PHI), and resources associated with the operations and maintenance of the Orbita Platform as provided to Orbita external customers.
This certification demonstrates Orbita’s continued commitment to information security at every level and assures you that the security of your data and information has been addressed, implemented, and properly controlled in all areas of our organization. Processes are in place to ensure that resources are committed to the success and continued improvement of our security and privacy protection programs.
For more information, please visit the Orbita Trust Center page.