Working with over 160 operators around the world, our most important concern is the protection and reliability of customer data and information. In an age where data breaches are becoming more and more of a threat, Nextgen Clearing is taking all the necessary steps to protect its clients’ data. We are pleased to announce that Nextgen Clearing is certified according to ISO 9001:2015 and ISO 27001:2013 standards and our Service Organisation has adopted the standards and best practices to achieve SSAE 18 SOC I Type II Certification.
ISO 9001:2015 - FS 636719Quality Management
Stands for quality
ISO 9001:2015 is an international set of standards that focus on managing processes and establishing an effective management system. Nextgen Clearing complies with the ISO standard and is therefore ISO-certified. Nextgen Clearing has successfully completed its transition to the ISO 9001:2015 certification, which means that our quality system is now in line with our ISO 27001 information security certification.
Continuous improvements
ISO 9001 focusses on delivering high quality throughout the organisation. Our processes are audited twice a year. In this way, we can ensure that our quality management is of the highest standard.
ISO 9001:2015 represents:
- Continuous quality improvement
- Customer satisfaction
- High quality
- Consistent communication
- Continuous improvement of processes
- Conformity with legislation
ISO 27001:2013 - IS 636720 Information Security
Security of your information
Our processes are established to conform with ISO 27001 standards; therefore we can guarantee that your data is heavily secured and this is our top priority. Nextgen Clearing complies with international requirements for securing data that is handled and managed by Nextgen Clearing. When it comes to securing our customer data we take no shortcuts, we will always choose the most durable solution for our customers.
ISO 27001:2013 is:
- Security of your information and data
- Manageability of data
- Creating and sustaining trust with respect to information security
- Conformity with legislation
- Manages authorised access to data
Nextgen Clearing can achieve both standards thanks to an Integrated Management System (IMS), which Nextgen Clearing developed, and which is based on international standards. The IMS monitors the quality and security of service within Nextgen Clearing. The system enables us to use and maintain various security systems.
Our IMS also detects and removes common risks, threats and vulnerabilities within the IT sector. We seek to continually improve the efficiency of the system for the security of both our company and our customers.
SSAE 18 SOC I Type II Certified
Definitions
- SSAE 18 - Statements on Standards for Attestation Engagements (“SSAE”) No. 18.
- SOC I - Service Organization Control Report No. 1
- Type II - Audit of a system throughout a specified time period
Overview
The SSAE 18 is an attestation standard put forth by the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA). SSAE 18 SOC I Type II is a high-level security certification requiring a stringent audit process. Nextgen Clearing’s Financial and Data Clearing have passed this difficult audit, ensuring that your financial and data are secure when using any of our software or services. The SSAE 18 effectively replaces the SSAE 16 (Formerly SAS 70) for reporting periods ending on or after May 1, 2017. This standard applies to engagements undertaken by a Service Auditor for reporting on controls at organizations like Nextgen Clearing which provide services to their customers. The controls in place at service organizations are likely to be relevant to a customer's internal control over financial reporting (ICFR). On an annual basis, Nextgen Clearing undertakes an internal audit that attests to the various controls in place for managing customer financial and data clearing services, subject to the Statements on Standards for Attestation Engagements (“SSAE”) No. 18 (formerly SSAE 16). This audit is independently performed by Mazars as per the guidelines under the Sarbanes-Oxley Act of 2002, Section 404.
Cyber Essentials
Overview
Cyber Essentials is a United Kingdom government information assurance scheme that is operated by the National Cyber Security Centre (NCSC). It encourages organisations to adopt good practice in information security. Cyber Essentials also includes an assurance framework and a simple set of security controls to protect information from threats emanating from the internet.