
Compliance

Security Standards & Regulatory Framework

Our Commitment to Compliance

At LOKI, we understand that regulatory compliance is a critical aspect of your cybersecurity strategy. Our deception-based security solutions are designed to help organizations meet their compliance obligations while providing advanced threat detection and response capabilities.

This page outlines our own compliance certifications and explains how our products can support your compliance requirements across various regulatory frameworks.

LOKI's Compliance Certifications

LOKI maintains the following certifications and attestations to demonstrate our commitment to security and compliance:

ISO 27001

LOKI has achieved ISO 27001 certification, demonstrating our adherence to international information security management standards. Our certification covers all aspects of our operations, including product development, service delivery, and internal systems.

SOC 2 Type II

We maintain a SOC 2 Type II attestation covering the Trust Services Criteria for Security, Availability, and Confidentiality. Our annual audits verify the effectiveness of our controls over time.

FedRAMP Moderate

Our cloud-based services have achieved FedRAMP Moderate authorization, enabling us to serve U.S. federal government agencies with a security framework that meets their stringent requirements.

PCI DSS

LOKI maintains PCI DSS compliance for our payment processing systems and infrastructure, ensuring the secure handling of payment card data.

How LOKI Supports Your Compliance Needs

Our deception technology solutions can help your organization meet requirements across various regulatory frameworks:

Financial Services Compliance

GDPR

Our solutions support Article 32 requirements for implementing appropriate technical measures to ensure security, including the ability to detect and respond to breaches. The deception technology provides early warning of potential data breaches, helping to meet the 72-hour notification requirement.

PCI DSS

LOKI helps organizations meet PCI DSS requirements, particularly Requirements 10 (Track and Monitor Access) and 11 (Regularly Test Security Systems), by providing advanced threat detection and monitoring capabilities within cardholder data environments.

GLBA

Our products support financial institutions in meeting the Gramm-Leach-Bliley Act's Safeguards Rule by providing enhanced monitoring for unauthorized access to customer financial information.

Healthcare Compliance

HIPAA

LOKI's solutions assist healthcare organizations in meeting HIPAA Security Rule requirements, particularly those related to intrusion detection and response. Our systems can help identify unauthorized access attempts to systems containing Protected Health Information (PHI).

HITECH

By providing early detection of security incidents, our products support healthcare organizations in meeting HITECH Act requirements for breach notification and security management.

Government & Critical Infrastructure

FISMA/NIST

Our solutions align with multiple NIST SP 800-53 controls, particularly those in the SI (System and Information Integrity) and IR (Incident Response) families, helping federal agencies meet FISMA requirements.

CMMC

LOKI supports defense contractors in meeting Cybersecurity Maturity Model Certification requirements, particularly in domains related to threat detection and incident response.

NERC CIP

Our OT security solutions help energy sector organizations meet NERC CIP standards for the protection of critical cyber assets through enhanced monitoring and threat detection.

General Security Frameworks

ISO 27001

LOKI's deception technology aligns with ISO 27001 controls related to information security incident management and technical vulnerability management.

NIST CSF

Our solutions support multiple functions of the NIST Cybersecurity Framework, particularly Detect, Respond, and Recover, enhancing your organization's overall security posture.

CIS Controls

LOKI helps organizations implement several CIS Controls, including Control 12 (Network Monitoring and Defense) and Control 13 (Security Monitoring).

Data Processing and Security

LOKI processes customer data in accordance with our Privacy Policy and applicable data protection laws. Our approach includes:

  • Data Minimization: We collect only the information necessary to provide our services.
  • Security by Design: Our products and services incorporate security principles from the ground up.
  • Regular Assessments: We conduct routine vulnerability assessments and penetration tests of our infrastructure.
  • Employee Training: All LOKI employees undergo regular security awareness training.
  • Vendor Management: We maintain a rigorous vendor assessment program to ensure the security of our supply chain.

Ethical Use of Deception Technology

LOKI is committed to the ethical deployment of deception technology. Our guidelines ensure that our technology is used responsibly:

  • We design our products to target malicious actors, not legitimate users.
  • Our solutions include safeguards to minimize false positives and operational disruption.
  • We provide clear implementation guidance to ensure deception technology is deployed in accordance with applicable laws and regulations.
  • We advise customers to maintain appropriate internal policies regarding the use of deception technology in their environments.

Compliance Documentation

LOKI provides comprehensive documentation to support your compliance efforts:

  • Compliance Mappings: Detailed mapping of how our solutions support specific regulatory requirements.
  • Security Whitepapers: Technical documentation on our security architecture and controls.
  • Attestation Reports: Access to relevant certifications and audit reports under NDA.
  • Implementation Guides: Best practices for deploying our solutions in regulated environments.

To request compliance documentation, please contact our security team.

Ongoing Compliance Management

Regulatory requirements evolve, and so do our compliance efforts. Our approach to maintaining compliance includes:

  • Regular review and updates to our security controls and policies
  • Continuous monitoring of regulatory changes that may impact our customers
  • Periodic reassessment of our compliance posture through internal and external audits
  • Prompt remediation of any identified compliance gaps

Contact Our Compliance Team

For specific questions about LOKI's compliance program or how our solutions can support your regulatory requirements, please contact us at:

LOKI Compliance Team
Email: [email protected]
Phone: +1 (512) 555-0199

LOKI

1001 Gurley Cv, Hutto, Texas

Phone: +17377861944

Email: [email protected]

© 2023 LOKI Cybersecurity. All Rights Reserved.