ISO 27001

ISO 27001, formally known as ISO/IEC 27001, is designed to help organizations manage the security of financial information, intellectual property, employee details, and other assets. Maintaining ISO 27001 compliance helps deepen consumer confidence in an organization’s ability to handle sensitive information, and helps establish a formal risk management process.

SOC 2 Type II

SOC 2 Type II is an audit of how a cloud-based service provider handles sensitive information. The report covers a company’s controls and their operating effectiveness.

PCI DSS

PCI DSS is a security framework first introduced in 2004 and is required by contract for those handling cardholder data. The standard was created to increase controls around cardholder data and reduce credit card fraud.

OWASP SAMM

OWASP SAMM is short for the Software Assurance Maturity Model. It was created to help organizations formulate and implement a strategy for software security.