JavaScript is turned off in your web browser. To take full advantage of Ribose features, please enable JavaScript and refresh the page.

Ribose receives Hong Kong’s first SOC 2 / 3 reports from Ernst & Young -- Compliant to newly released AICPA TSP 100 common criteria and CSA’s CCM

Hong Kong, 15 December 2014 – Ribose received its first Service Organization Controls (SOC) 2 and SOC 3 reports – as well as the SysTrust seal – from international auditing firm Ernst & Young (EY).

SOC 2 and 3 are widely recognized attestations, providing independent validation that companies’ internal controls comply with applicable American Institute of Certified Public Accountants’ (AICPA) Trust Services Principles and Criteria (TSP 100).

SOC 2 Type II is an internal control report regarding risks associated with organizations’ services, including detailed testing of controls. SOC 3 is intended for public consumption and includes fewer details than SOC 2.

TSP 100, newly released in 2014, supersedes TSP section 100A from 2009 and features a consolidated set of “common criteria” replacing previously separated principles: security, availability, processing integrity, and confidentiality. This standard applies to attestations after 15 December 2014.

Ribose and EY adopted the revised standard as early as permitted by the AICPA. Ribose’s SOC 2 Type II and SOC 3 reports are based on TSP 100 security and availability principles, together with controls from CSA’s newly launched Cloud Controls Matrix (CCM) 3.0.1.

In completing the attestation, Ribose received the first SOC 2 Type II report in Hong Kong; and became the first organization to receive SOC 2 / SOC 3 reports complying to both AICPA TSP 100 and CSA’s CCM. Ribose’s SOC reports are among the earliest reports utilizing AICPA’s new common criteria.

“This engagement represents a significant milestone for EY and Ribose. We successfully integrated into our existing attestation methodology these new standards and streamlined processes to achieve multiple certifications,” said Vincent Chan, Advisory Services Leader for EY Hong Kong and Macau. “Ribose chose EY as their attestation partner as we are familiar with their operating environment, and our EY professionals have extensive experience and knowledge of cloud operations and security.”

Ribose founder Ronald Tse explained, “Ribose is dedicated to helping people collaborate better; and the quality, security and reliability of our platform are paramount to achieving this goal. Our SOC 2 / 3 examinations demonstrate that we have appropriate controls in place to mitigate security and availability risks – meaning organizations faced with compliance requirements around sensitive data can fully leverage the Ribose platform.”

# # #

About Ribose

Ribose is a cloud collaboration platform that makes working together easy and fun. A forerunner in cloud security, Ribose is the world’s first cloud service provider certified to CSA STAR (CCM 3.0.1) and MTCS. It is also certified to ISO/IEC 27001, ISO/IEC 20000, CDSA CPS and SOC standards, and approved by the UK Government’s G-Cloud program for government use.

Ribose is free to use:

About EY

EY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. For more information, visit



Read More

Ribose becomes world’s first collaboration platform to achieve ISO 22301 certification

Ribose becomes world’s first collaboration platform to achieve ISO 22301 certification

Proven commitment to business continuity and service availability

Hong Kong, 2 June 2014 – Ribose has become the world’s first online collaboration platform and the first organization in Hong Kong to achieve ISO 22301:2012 certification, upholding its steadfast commitment to the highest standards of availability for all users.

Certifying resilience against business disruptions and other exceptional events, ISO 22301 specifies demanding requirements for implementing, operating, maintaining and improving business continuity management systems. Certification requires an independent auditor assessment of all applications, systems, processes and services. Ribose’s certification is awarded by BSI (British Standards Institution), the originator of the ISO 22301 standard, and accredited by the United Kingdom Accreditation Service (UKAS).

According to Ribose founder Ronald Tse, “Users rely on the Ribose platform for their mission-critical collaboration needs, so the continuity and availability of our service are paramount. Our ISO 22301 accreditation is testament to our ability to maintain uninterrupted service – anytime, anywhere, under any circumstances.”

Emmanuel Herve, Managing Director of BSI Hong Kong, stated: “As the first collaboration platform to achieve ISO 22301 certification, Ribose has demonstrated its technical ability and dedication to assuring service continuity for its users. We commend Ribose for going the extra mile to test and verify its service availability through independent assessments and certifications, taking significant steps to ensure continuous access for all users.”

About Ribose

Ribose makes collaborating easy and fun. Whether planning business projects or social events, the Ribose platform helps users collaborate through enterprise-strength security certified to the highest standards, including ISO 27001, CSA STAR, and CDSA CPS. Also available as part of the UK Government's G-Cloud program, Ribose is free to use:

About BSI

The British Standards Institution is the business standards company that helps businesses turn best practices of into habits of excellence. As the world’s first national standards body and a founding member of ISO, BSI is an organization whose standards inspire excellence across the globe:

Note: The term “certification” used here excludes unaccredited certifications.



Read More

Get Started

Getting Started