Security certification services are used to provide assurance that products and services meet minimum standards of due care related to security programs and practices. These services include certification and attestation against voluntary or mandated standards and guidance, the most common of which are the: • International Organization for Standardization (ISO) 27001 • Payment Card Industry (PCI) Data Security Standard (DSS) • Health Information Trust Alliance (HITRUST) • Health Insurance Portability and Accountability Act (HIPAA) • Health Information Technology for Economic and Clinical Health (HITECH) • Cloud Security Alliance (CSA) Security, Trust and Assurance Registry (STAR) • System and Organization Control (SOC) 2