JavaScript is turned off in your web browser. To take full advantage of Ribose features, please enable JavaScript and refresh the page. Ribose > Ribose receives Hong Kong’s first SOC 2 / 3 reports from Ernst & Young — Compliant to newly released AICPA TSP 100 common criteria and CSA’s CCM

Ribose receives Hong Kong’s first SOC 2 / 3 reports from Ernst & Young — Compliant to newly released AICPA TSP 100 common criteria and CSA’s CCM

Hong Kong, 15 December 2014 -- Ribose received its first Service Organization Controls (SOC) 2 and SOC 3 reports — as well as the SysTrust seal — from international auditing firm Ernst & Young (EY).

SOC 2 and 3 are widely recognized attestations, providing independent validation that companies' internal controls comply with applicable American Institute of Certified Public Accountants' (AICPA) Trust Services Principles and Criteria (TSP 100).

SOC 2 Type II is an internal control report regarding risks associated with organizations' services, including detailed testing of controls. SOC 3 is intended for public consumption and includes fewer details than SOC 2.

TSP 100, newly released in 2014, supersedes TSP section 100A from 2009 and features a consolidated set of “common criteria” replacing previously separated principles: security, availability, processing integrity, and confidentiality. This standard applies to attestations after 15 December 2014.

Ribose and EY adopted the revised standard as early as permitted by the AICPA. Ribose’s SOC 2 Type II and SOC 3 reports are based on TSP 100 security and availability principles, together with controls from CSA's newly launched Cloud Controls Matrix (CCM) 3.0.1.

In completing the attestation, Ribose received the first SOC 2 Type II report in Hong Kong; and became the first organization to receive SOC 2 / SOC 3 reports complying to both AICPA TSP 100 and CSA’s CCM. Ribose’s SOC reports are among the earliest reports utilizing AICPA’s new common criteria.

“This engagement represents a significant milestone for EY and Ribose. We successfully integrated into our existing attestation methodology these new standards and streamlined processes to achieve multiple certifications,” said Vincent Chan, Advisory Services Leader for EY Hong Kong and Macau. “Ribose chose EY as their attestation partner as we are familiar with their operating environment, and our EY professionals have extensive experience and knowledge of cloud operations and security.”

Ribose founder Ronald Tse explained, “Ribose is dedicated to helping people collaborate better; and the quality, security and reliability of our platform are paramount to achieving this goal. Our SOC 2 / 3 examinations demonstrate that we have appropriate controls in place to mitigate security and availability risks — meaning organizations faced with compliance requirements around sensitive data can fully leverage the Ribose platform.”

About Ribose

Ribose is a cloud collaboration platform that makes working together easy and fun. A forerunner in cloud security, Ribose is the world’s first cloud service provider certified to CSA STAR (CCM 3.0.1) and MTCS. It is also certified to ISO/IEC 27001, ISO/IEC 20000, CDSA CPS and SOC standards, and approved by the UK Government’s G-Cloud program for government use.

Ribose is free to use:

About EY

EY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. For more information, visit

Originally published at: