CaseWare Cloud Security compliance

Cloud Security Compliance

CaseWare Cloud continually undergoes independent security audits to reinforce our commitment to data security, privacy, and compliance controls. Independent auditors examine our entire Information Security Management System (ISMS) to verify our service delivery, operations and management of the CaseWare Cloud platform to ensure it conforms to industry standards. These certifications demonstrate CaseWare Cloud’s international commitment to security and quality.

ISO 27001:2013

Independent auditing company, ControlCase International, confirms that CaseWare Cloud meets the requirements given in ISO 27001 and that its ISMS is in alignment with best practices.

This certification is independent of Amazon Web Services (AWS), which has its own ISO 27001 certification for its data centers, infrastructure and operations.

ISO 27001:2013 is a widely recognized international standard that places requirements on how an ISMS identifies, analyzes and addresses information risks, and how the organization stays ahead of changes in threats and mitigates their possible business impacts.

The certificate is here.

SOC 2® Type 1 and Type 2

AICPA, the world’s largest member association representing the accounting profession, affirms that CaseWare Cloud ISMS meets the Trust Services Criteria for SOC 2®. 

AICPA SOC 2® for Service Organizations are examination engagements performed by a service auditor. These reports focus on one or multiple Trust Services categories – security, availability, processing integrity, confidentiality, or privacy using predefined criteria.

CaseWare International has successfully obtained SOC 2 Type 1 and Type 2 certification.

Type 1:

SOC 2 Type 1, a report on management’s description of the service organization’s system and the suitability of the design of the controls.

Type 2:

SOC 2 Type 2, a report on management’s description of the service organization’s system and the suitability of the design and operating effectiveness of the controls.

For answers to frequently asked questions about CaseWare Cloud, see our security page:

    • Related Articles

    • Introduction to CaseWare Cloud

      CaseWare Cloud is a web service for managing your organisation and workflows. Its' features and apps combine to provide a convenient centralised solution for management of both your firm and your engagements. Cloud can also integrate with CaseWare ...
    • Cloud Security Certifications and Procedures

      Application & Interface Security 1. What software development standards do you follow? Our Software Development Life Cycle (SDLC) ensures that our applications and programming interfaces (APIs) are designed, deployed, and tested in accordance with ...
    • Onboarding of staff into CaseWare Cloud

      When you're ready to provide staff with accounts in Cloud, you can begin onboarding procedures. Generally, the procedures are the same for all organization sizes:  1. Create groups based on functional roles and access rights. 2. Create accounts for ...
    • Information to assist with APES 305 compliance

      APES 305 was revised in December 2020, and is applicable as of 1 July 2021.  One of the changes made relates to a new requirement for firms to inform clients when they are using a Cloud Computing provider.  According to the definition in APES 305: ...
    • Our approach to Cloud security with CaseWare Cloud

      Choosing a cloud service provider can be a complex task given the nature of today’s security concerns. The number of potential threats - both malicious and benign - and the ever-increasing number of attack vectors can cause even security experts to ...