ECS holds the industry’s highest certifications for quality management and IT service delivery. Our commitment to quality assurance is backed by an ongoing investment in processes, standards, and certifications that ensure excellence.
Committed to Quality
ECS’ registered ISO/IEC 27001:2013–Information Security Management System sets a standard for our security processes, procedures, and documentation. Main elements include risk management, asset management, communications and operations management, incident management, business continuity, and compliance.
ISO/IEC 27001:2013 for vSOC
ECS’ registered ISO/IEC 27001:2013 Information Security Management System (ISMS) ensures our Virtual Security Operation Center (vSOC) complies with security processes, procedures, and documentation controls and guidance of ISO/IEC 27001 for information security management. Main elements include risk management, asset management, communications and operations management, incident management, business continuity, and compliance.
ECS’ registered ISO Open Trusted Technology Provider v1 O-TTPS 1.1 (ISO/IEC 20243:2018) provides guidelines, requirements, and recommendations that, when practically applied, create a business benefit in terms of reduced risk of acquiring maliciously tainted or counterfeit products for the technology acquirer. Our purchasing processes provide supply chain risk management by conforming to the ISO 20243:2015 standard.
ECS’ registered ISO 9001:2015 Quality Management System (QMS) ensures that our solutions and services meet the highest standards of quality. Key principles include focusing on our customers’ needs, managing processes, and continually improving our levels of service at both the project and program levels.
ECS’ registered ISO/IEC 20000-1:2018 Information Technology–Service Management System (SMS) provides the framework by which we plan, establish, implement, operate, monitor, review, maintain, and improve our service management delivery. ISO 20000 certifies our Information Technology Services Management (ITSM) processes and is underpinned by the ITIL processes.
ECS’ registered ISO/IEC 27017:2013 Information Security Management (ISMS) Cloud Security ensures our Virtual Security Operation Center (vSOC) complies with the implementation controls and guidance of ISO/IEC 27017 for secure data transmission in cloud environments.
Capability Maturity Model Integration-Development (CMMI-DEV) Level 3 appraised methods ensure that we deliver systems engineering and software development solutions at the highest level. Our use of CMMI-DEV practices allows us to implement robust, high-maturity practices for software product lifecycle and engineering activities, ensuring that our products and services exceed our customers’ expectations.
Capability Maturity Model Integration-Services (CMMI-SVC) Level 3 appraised processes provide best-practice guidelines for management and service delivery. Implementing this approach allows us to provide consistency and continual improvement in a broad range of process areas from measurement and analysis to risk planning.
SOC 2SM Report
Since October 2019, ECS’ Virtual Security Operations Center has completed the requirements for a Service and Organization Controls (SOC) 2, Type II Audit covering Security and Availability criteria. The SOC 2 SM audit, conducted annually, provides an industry-wide recognition that ECS conforms to the American Institute of Certified Public Accountants (AICPA) SOC 2 standard, which measures security and availability and serves as assurance that customer data is being managed in a controlled and audited environment. Reports may be requested via email to ECSGRCteam@ecstech.com.
ITIL (previously known as the Information Technology Infrastructure Library) helps us to align our IT services delivery with the specific needs of our customers. Infused within our ISO 20000 SMS are best practices from the ITIL approach for providing service management.
The HITRUST Common Security Framework (CSF) Certification confirms that ECS’ Virtual Security Operations Center (vSOC) aligns with globally recognized information security controls, risk thresholds, and compliance requirements including ISO, EU GDPR, NIST, and PCI.
ECS’ Virtual Security Operations Center has completed a Payment Card Industry (PCI) Data Security Standards (DSS) Attestation of Compliance (AOC) with the PCI Security Standards v3.2.1 for the Payment Card Industry Security Standards Council and endorsed by the major payment brands.