Ribose is committed to making the world a better place.

Ribose is proud to be CalConnect's first Asia-based member, to promote a more seamless calendaring and collaboration experience for everybody across cultures.

CalConnect (The Calendaring and Scheduling Consortium) is a not-for-profit organization advancing the state of interoperable calendaring and scheduling. As a partnership between vendors of calendaring and scheduling systems and tools, and the users of those tools, its membership includes the world's largest software companies. Virtually every important calendaring-related standard since 2004 has been authored edited and/or co-edited by members of a CalConnect Technical Committee.

Ribose believes that transparency is beneficial for all stakeholders and we demonstrate our commitment by having our business profile and operational details independently verified by BSI VerifEye, the trusted and proven Supplier Verication Audit service from BSI, annually.

Ribose maintains a BSI Verified Profile in the VerifEye Directory that includes business operational details, physical location, photos as well as details of all organizational certifications.

This means that Ribose has completed and passed annual Verification Audits delivered by BSI's supply chain specialists, and that they have independently verified our organizational details being true and accurate.

The open Internet is based on innovation as well as the protection of intellectual property. Ribose is committed to protecting our users' intellectual property and is a member of the Content Delivery and Security Association (CDSA).

CDSA is a non-profit organization advocating the innovative and responsible delivery and storage of entertainment, software, and information content. Among its members are some of the world's largest intellectual property owners including Adobe, Microsoft, Electronic Arts, Sony DADC, NBCUniversal and The Walt Disney Company. Established in the 1970s, CDSA was previously known as the International Recording Media Association (IRMA).

Ribose is a strong advocate of safe and secure cloud computing through greater responsibility and accountability in the cloud service industry, and a member of the Cloud Security Alliance (CSA).

The CSA is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. CSA is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders.

Ribose is committed to serving our public sector customers and has been approved for use by all UK Government departments through the G-Cloud framework (G5, G6, G7, G8) of the Crown Commercial Service (CSS).

Over 29,000 UK public sector bodies including central government, local government, health, education, devolved administrations, emergency services, defence and not-for-profit organizations are eligible for this arrangement.

See our offerings on the Gov.UK Digital Marketplace and our G-Cloud 8 listing.

As an advocate of the open Internet and interoperable technologies, Ribose is a supporter of OpenID and a member of the OpenID Foundation (OIDF).

The OIDF is a non-profit international standardization organization of individuals and companies committed to enabling, promoting and protecting OpenID technologies. Formed in June 2007, the foundation serves as a public trust organization representing the open community of developers, vendors, and users. OIDF assists the community by providing needed infrastructure and help in promoting and supporting expanded adoption of OpenID.

Ribose is a member of the Media and Entertainment Services Alliance (MESA) and is committed to provide efficient and effective collaboration services to the media and entertainment industry.

MESA is a leading voice in the global media and entertainment industry. Its members include some of the largest content owners and service providers in the world, including Hollywood studios, music labels, software companies, and game publishers.

Ribose is a member of the Open Invention Network (OIN), an organization created to foster patent non-aggression for Linux producers and users. With over 1,300 members, OIN is the world’s largest IPR community, undertaking a range of activities to reduce members’ software patent risk.

As an OIN licensee, Ribose joins other community members in royalty-free cross-licensing of Linux System patents to one another. Members agree to a patent non-aggression pact, foregoing patent disputes between member organizations in Linux and adjacent technologies.

Ribose is committed to collaborating with the wider Linux user community to create a positive, nurturing environment for long-term development and strongly supports OIN’s efforts.

Ribose is dedicated to protecting the privacy of our users to the furthest extent, and fully supports the International Association of Privacy Professionals (IAPP) as a member corporation.

The IAPP is a not-for-profit association founded in 2000 with a mission to define, promote and improve the privacy profession globally. As the world’s largest and most comprehensive global information privacy community, IAPP is the definitive resource organizations successfully manage their privacy risks and protect their data.

Ribose is a member of the Cloud Industry Forum (CIF), a leading alliance of cloud service providers established to provide transparency and assist end users in determining core information necessary for them to adopt such services.

The Cloud Industry Forum (CIF) began in 2009 as a direct response to the evolving supply models for the delivery of software and IT services that has expanded well beyond the traditional on-premise method to one that now embraces hosted and/or, pay-as-you-use Cloud solutions.

CIF’s purpose is twofold: To drive a common and public level of transparency about the capability, substance and best practices of cloud service providers through a process of self-certification to a Code of Practice; and to promote trust to businesses and individuals wishing to leverage the commercial, financial and agile operations capabilities that cloud service providers offer.

Ribose's participation in CIF originated from its membership since 2012 in EuroCloud UK, which was merged into CIF operations in 2017.

Ribose is an ACM Preferred Employer dedicated to creating a workplace culture that values innovation, self-improvement, and commitment to society.

Association of Computing Machinery (ACM), established in 1947 with the creation of the first stored-program digital computer, is the premier membership organization for computing professionals, delivering resources that advance computing as a science and a profession, enable professional development and promote policies and research that benefit society.

Ribose is dedicated to protecting the environment and promoting sustainability.

EPEAT (Electronic Product Environmental Assessment Tool) is a worldwide, comprehensive environmental standard, run by the Green Electronics Council, that promotes environmental responsibility and innovation by identifying greener electronics. EPEAT is used by global companies, governments and consumers to rate, label and promote environmentally preferable products.

As an EPEAT Purchasing Partner, Ribose is committed to purchasing EPEAT-registered products as well as favoring suppliers that provide EPEAT-registered products.

The Kitemark for Secure Digital Transactions (Kitemark for SDT) from BSI (British Standards Institution) is the most rigorous security testing program available to date that validates and evaluates the security of individual applications. Ribose is the world’s first cloud Software-as-a-Service platform and collaboration service to complete the stringent and highly selective certification process to receive the cloud industry’s first Kitemark for Secure Digital Transactions.

Initially piloted by the banking industry, this Kitemark is the latest member of the BSI Kitemark family, a symbol of trust and product quality that was first granted in 1903 and is highly recognized worldwide.

An application certified to this Kitemark demonstrates rigorous validation to banking-grade security, as well as data protection measures of the organization that developed and operates the application, confirming it has been thoroughly tested and meets recognized standards for security, reliability and quality.

In order to receive the Kitemark for Secure Digital Transactions, the application or service must achieve three key criteria. First, a secure service must be developed and operated within a secure environment that emphasizes organizational security and process integrity. This criterion is best validated by requiring the organization itself to achieve and maintain certification to ISO/IEC 27001, covering all parts relating to the service and sensitive information it handles, including application development, infrastructure operations and transaction processing.

The second tenant of the Kitemark for Secure Digital Transactions is to achieve validation of application security, which requires the service to undergo rigorous internal and external penetration tests to the highest levels, ensuring there are no known significant vulnerabilities or security flaws. The application security tests are performed by a world-class, CREST-certified security team with over 30,000 hours of penetration testing experience, to the OWASP ASVS v2.0 standard – the most stringent in industry. Under Level 2 verification, Ribose is tested against 147 application security controls covering all facets of application security through black box and white box testing, from business logic to cryptography, static analysis to OWASP Top 10 vulnerabilities. This assures that the Ribose platform provides security assurance for significant transactions, including those that process healthcare information, implement business-critical or sensitive functions, or process other sensitive assets.

The third criterion is continual independent monitoring and assessment to ensure the security profile of the service provides assurance to the types of data it handles, including ongoing application security tests, organizational security audits, as well as Kitemark compliance audits and risk assessments.

Our Kitemark certification is a testament to Ribose’s unwavering commitment to providing a secure platform that prioritizes the protection of our customers’ data, and provides specific reassurance that our application itself features appropriate protection for highly sensitive information and mission critical projects.

Cloud Security Alliance's (CSA) STAR Attestation is widely considered as one of the most rigorous and selective cloud security assurance programs worldwide, due to the depth and breadth of assurance work performed as well as evidence sought. Ribose is the world's first cloud service provider (CSP) certified to STAR Attestation, and the world's only CSP to have achieved both STAR Attestation and STAR Certification.

Achieving STAR Attestation in conjunction with STAR Certification is powerful, independent proof that Ribose adheres to the highest standards of security and availability –- allowing you to rely on our platform to collaborate on valuable intellectual property and confidential data with peace of mind.

STAR Attestation provides a framework for certified public accountants to express an opinion of key factors relating to CSPs’ service descriptions, as well as suitability and effectiveness of systems controls.

This significant achievement was accomplished through completing a Service Organization Controls (SOC) 2 attestation performed by global professional services organization Ernst & Young (EY), using criteria from American Institute of Certified Public Accountants’ (AICPA) Trust Services Principles and Criteria (TSP 100) together with CSA's Cloud Controls Matrix 3.0.1 (CCM). EY was also deeply involved in the development of both the STAR Attestation scheme as well as the AICPA TSP 100 criteria.

Ribose is certified to the Cloud Security Alliance (CSA) STAR Certification and has consistently received the highest possible Gold maturity rating.

With Ribose being the first and only cloud service provider (CSP) to achieve compliance to the latest and most comprehensive cloud security standards, the Cloud Controls Matrix 3 (CCM 3) family of standards (including CCM 3.0.1 and CCM 3.0); the first STAR certified Software-as-a-Service (SaaS) CSP; and the first ever CSP to receive two consecutive STAR Gold Certifications, you can be confident that Ribose is committed to protect your data and privacy to the highest levels.

The STAR Certification is a stringent and comprehensive cloud security certification jointly developed by CSA and BSI (British Standards Institution) to address the intricate security issues and inherent risks of the cloud environment. Certification is only awarded after an independent accredited auditor has conducted a thorough audit and verified that the organization's applications, systems, processes and services fully comply with STAR requirements including the CSA CCM and ISO/IEC 27001.

Our certification scope is as comprehensive as possible, covering processes from design, development, operations to support processes in our organization. Ribose’s rating of Gold is determined by our auditor, BSI, based on the maturity of security measures and controls in place.

Cloud Security Alliance's (CSA) C-STAR Assessment is a rigorous third-party cloud security assessment jointly developed by the CSA and CEPREI Certification Body, as a China-focused cloud security certification that harmonizes CSA’s Cloud Controls Matrix with Chinese national standards.

Ribose is one of the first organizations worldwide, the first cloud service provider (CSP) outside Mainland China and the first Software-as-a-Service CSP to achieve certification to C-STAR Assessment.

Moreover, Ribose is the world’s only CSP compliant to all three of CSA’s globally recognized cloud assurance programs of the Security, Trust and Assurance Registry (STAR) family: STAR Attestation, STAR Certification, and C-STAR Assessment.

C-STAR Assessment features stronger control requirements than STAR Certification and STAR Attestation, requiring compliance to CSA's Cloud Controls Matrix 3.0.1 (CCM) as well as the China national standards GB/T 22080-2008, GB/T 22239-2008, and GB/Z 28828-2012. In particular, C-STAR requires a CSP to comply to 29 additional security and privacy controls particularly in the area of privacy, requiring organizations to respect and protect users’ privacy in accordance with both Chinese and internationally accepted privacy laws.

Ribose adopts and advocates the ‘highest-bar’ approach to cloud security. While each country has different cloud security requirements, by ensuring our platform meets the most stringent requirements of all, we are able to provide a higher level of security for all users.

The need to collaborate is natural and universal. Our platform is certified to multiple national, regional and international standards because we are committed to our users -- wherever they are based.

Ribose is the world's first cloud service provider to achieve Multi-Tiered Cloud Security (MTCS) certification, the world’s first multi-tiered cloud standard.

Initiated by the Infocomm Development Authority of Singapore (IDA) (now Infocomm Media Development Authority of Singapore (IMDA) and developed under the Information Technology Standards Committee (ITSC) supported by the IMDA and SPRING Singapore, MTCS is a Singapore Standard (SS 584:2013, SS 584:2015) that specifies stringent security and operational requirements for cloud service providers, encouraging adoption of sound risk management and security practices. The certification specifies three tiers of security certification, with Level 3 being the highest.

As the world's first Software-as-a-Service (SaaS) provider certified to the coveted Level 3 MTCS certification, Ribose has met the highest government-approved security standards, indicating that our platform is suitable for running high-impact workloads, serving business- and mission-critical purposes, and hosting sensitive information as well as highly confidential business data.

Ribose’s MTCS Level 3 certification was awarded following a thorough evaluation by BSI (British Standards Institution), a participating Certification Body for the MTCS standard. Ribose is also the first SaaS provider to be certified to SS 584:2015, with the certification covering the service regions of United States, Singapore and Hong Kong.

Ribose is committed to helping people work together more effectively and efficiently, and quality improvement has always been a cornerstone of that commitment.

Ribose is the first organization outside of the UK and the first technology company worldwide to achieve accredited certification to ISO 9001:2015, the newly revised international standard for Quality Management Systems, as well as the first organization worldwide to achieve simutaneous certification to both ISO 9001:2015 and ISO 14001:2015 standards. Ribose’s certification was issued the day ISO 9001:2015 was formally published.

ISO 9001 is the world’s most widely recognized standard for quality management systems, and its latest revision was published on 23 September 2015. The standard helps organizations consistently meet the needs of customers and other key stakeholders in both the delivery and continuous improvement of products and services.

This certification verifies Ribose’s ability to consistently meet the needs of customers and other key stakeholders in both the delivery and continuous improvement of products and services.

Ribose’s independent assessment and certification was performed by BSI (British Standards Institution), the originator of the ISO 9001 standard, and the first accredited certification body for ISO 9001:2015, accredited by the ANSI-ASQ National Accreditation Board (ANAB). Prior to the latest certification, Ribose was certified to the preceding standard ISO 9001:2008 by BSI.

Our commitment to helping people work together effectively and efficiently goes beyond its literal meaning -- extending to protecting the environment of the communities we serve.

Ribose is the first organization in Asia and outside of the UK to achieve accredited certification to ISO 14001:2015, the newly revised international standard for Environmental Management Systems, and is also the first technology company worldwide to receive this certification. Ribose's certification was issued the day our certifying body received the world's first accreditation for this standard by ANAB.

ISO 14001 is the international standard for environmental management systems, with its latest revision published on 15 September 2015, helps organizations comply with environmental regulations, minimizing their environmental footprint and improving their environmental performance.

By implementing environmental best practices, we are able to reduce our environmental footprint and enable our customers to achieve and integrate sustainability objectives into their respective supply chains. The certification verifies our ability to measure our environmental footprint and strive towards continuous improvement.

Ribose’s independent assessment and certification was performed by BSI (British Standards Institution), the originator of the ISO 14001 standard, and the first accredited certification body for ISO 14001:2015, accredited by the ANSI-ASQ National Accreditation Board (ANAB). Prior to the latest certification, Ribose was certified to the preceding standard ISO 14001:2004 by BSI.

Wellness and safety considerations apply to all industries –- and that includes office-based environments. With our customers and staff at the heart of our company, their wellbeing is our top priority.

Ribose has achieved certification to the ISO 45001:2018 international standard for occupational health and safety management systems, awarded by BSI (British Standards Institution) and accredited by ANAB (ANSI-ASQ National Accreditation Board). ISO 45001:2018 promotes healthy and safe working environments by setting out international best practices –- helping organizations manage and control risks, and continuously improve performance.

Achieving ISO 45001 certification demonstrates the sincerity of Ribose’s commitment to health and safety, and provides us with a framework for constant improvement.

As the world’s first and only casual collaboration platform to achieve certification to the ISO/IEC 20000-1:2011 international standard for information technology service management (ITSM), Ribose is committed to bringing world-class, enterprise-grade availability, service process quality to all of our users.

ISO/IEC 20000-1 is the international standard for service management systems. Based on the IT infrastructure library (ITIL®) best practice framework, ISO/IEC 20000-1 helps companies achieve evidence-based benchmarks to continuously improve service delivery. Previously, services that meet such stringent standards were only limited to a handful of services serving high-paying corporate customers.

Ribose’s certification is awarded by BSI (British Standards Institution), the originator of the ISO/IEC 20000-1 standard, accredited by ANAB (ANSI-ASQ National Accreditation Board), and recognized by the official ISO/IEC 20000 IT Service Management Certification Scheme created by itSMF (the IT Service Management Forum) and operated by the APM Group.

Ribose’s certification stand as indisputable proof that world-class security, availability and service management are no longer limited to enterprise cloud users. We bring these benefits to everyone, completely free of charge.

At Ribose, we recognize that users depend on our continued availability, and are dedicated to serving our users under any situation, with no excuses.

Ribose is certified to the international standard for business continuity, ISO 22301:2012. Ribose’s certification is accredited by UKAS (United Kingdom Accreditation Service) and awarded by BSI (British Standards Institution), the originator of the ISO 22301 standard itself.

ISO 22301 stipulates wide-ranging and stringent requirements for business continuity management systems (BCMS) that ensure an organization's business activities are resilient against disruptions and exceptional events. Ribose’s scope of certification was as comprehensive as possible, covering all processes, services and locations.

As the world's first and only collaboration platform to be awarded certification, you can be confident that Ribose can help you collaborate anywhere, anytime: even under extraordinary circumstances.

Ribose is certified to ISO/IEC 27001 by BSI (British Standards Institution), the originator of the standard itself, with the certification accredited by the ANAB (ANSI-ASQ National Accreditation Board). As the world's first casual collaboration platform to have achieved certification, Ribose is also one of the first organizations worldwide certified to the latest ISO/IEC 27001:2013 standard.

ISO/IEC 27001 is an international standard specifying sweeping requirements for information security management systems (ISMS). Certification is awarded only after a neutral and independent accredited auditor has conducted a comprehensive audit to assess and verify the compliance of all applications, systems, processes and services used by the organization. This certification verifies that ISO/IEC 27001 is indeed an integral part of all processes within Ribose.

We are proud that our scope of certification is as comprehensive as possible: from design, development and operations to support processes. Ribose gives you the confidence that your privacy and data will always be protected and handled securely.

The open nature of the cloud presents greater risks to data stored in the cloud. Cloud-specific specialized measures as well as a cloud-centric security mindset must be adopted to augment the traditional information security doctrine. Ribose is the world’s first SaaS platform compliant to the international cloud security standard, ISO/IEC 27017, certified by BSI (British Standards Institution).

Ribose is the world’s first SaaS platform compliant to the international cloud security standard, ISO/IEC 27017, certified by BSI (British Standards Institution), the originator of the ISO/IEC 27000 family of international information security standards.

The open nature of the cloud environment – providing broad network access, rapid elasticity, self-provisioning functionality and resource pooling – presents greater threats and risks to information stored in the cloud that exceeds the scope of traditional information security doctrine, requiring cloud-specific specialized measures as well as a cloud-centric security mindset.

Addressing the specific needs of cloud security, ISO/IEC 27017 builds upon ISO/IEC 27001 – providing additional controls and implementation guidance on architecture, technology and processes to ensure information security is well protected in the cloud. Taking into account that many cloud service providers are often customers of other cloud services, ISO/IEC 27017 also specifies implementation guidelines for both cloud service customers and cloud service providers, emphasizing each entity’s role in cloud security and protecting end users’ information.

Our certification demonstrates Ribose’s unwavering commitment to cloud security, and we are proud to be the world’s first cloud service provider to simultaneously cover all major cloud security certifications: CSA STAR Certification, STAR Attestation and C-STAR Assessment together with ISO/IEC 27017.

In today's world, privacy is more important than ever for collaborative work, which often include confidential data. Ribose believes that privacy is a right, not a luxury -- we are proud to be the world's first CSP that provides ISO/IEC 27018-level privacy protection to all users regardless whether they are paid or not.

Ribose is certified to ISO/IEC 27018, the international standard that governs the protection of personally identifiable information (PII) in public clouds for PII processors, by BSI (British Standards Institution), the originator of the ISO/IEC 27000 family of international information security standards.

ISO/IEC 27018 describes commonly accepted control objectives, controls and guidelines based on the eleven privacy principles contained in ISO/IEC 29100, to ensure that PII data is adequately protected when processed by a cloud PII processor.

This certification means that data managed by Ribose will never be sold to a third-party for advertising, nor subcontracted to parties that may breach the integrity of users’ data. This also means that users retain full control of their data stored on Ribose, and that we are transparent about where users’ data resides and how it is processed.

The performance of any organization is closely linked to the health of the environment in which it operates. Every organization should have a clear understanding of corporate responsibilities and a wider concern for the community and our shared environment.

As the world's first collaboration platform to achieve certification to ISO 50001:2011, we believe protection of our environment is best served through optimizing energy impact. ISO 50001 is the international standard for energy management that helps improve energy performance of organizations by specifying stringent requirements.

Our certification, awarded by BSI (British Standards Institution) and accredited by ANAB (ANSI-ASQ National Accreditation Board), confirms that our implementation of procedures and protocols are able to continually manage energy risks and improve our energy efficiency. We are proud to take the lead in encouraging other cloud service providers to proactively manage our environmental footprints.

Taking our commitment to holistic, comprehensive collaboration to heart, we have integrated our management systems into the world's most extensive integrated management system (IMS) certified to the PAS 99 standard.

PAS 99 is the world’s first framework for an IMS built on different management systems standards (MSS), aligned to ISO's Directive Annex SL, specifies requirements for streamlining MSSs allowing for improved business focus, a universal approach to risk mitigation and improved operational efficiency.

Certified by BSI (British Standards Institution), the originator of the PAS 99 standard, our IMS covers all seven of our management systems including: information security (ISO/IEC 27001), business continuity (ISO 22301), quality (ISO 9001), IT services (ISO/IEC 20000-1), environmental (ISO 14001), energy (ISO 50001) and occupational health and safety (ISO 45001) -- allowing us to effectively manage these aspects of our operations without the typical overhead that bog down non-integrated systems.

PAS 99 certification confirms that Ribose has integrated its management systems correctly, and that the IMS performs effectively – providing better oversight and control for our management team, while ensuring the highest level of service for our users.

Ribose was also the world's first organization to achieve certified integration of ISO 22301 and ISO 27001:2013.

Ribose received its Service Organization Controls (SOC) 2 report from international auditing firm Ernst & Young (EY).

SOC 2 is a widely recognized attestation, providing independent validation that companies’ internal controls comply with applicable American Institute of Certified Public Accountants’ (AICPA) Trust Services Principles and Criteria (TSP 100). SOC 2 Type II is an internal control report regarding risks associated with organizations’ services, including detailed testing of controls.

Ribose is the world's first organization to complete the SOC 2 attestation compliant with both TSP 100 and Cloud Security Alliance’s Cloud Controls Matrix, as well as being the first organization based in Hong Kong to receive a SOC 2 Type II report.

Ribose’s SOC attestations are among the first attestations utilizing AICPA’s newly revised TSP 100 standard with “common criteria” controls released in 2014, and are based on the TSP 100 security and availability principles and incorporate cloud security controls from CCM 3.0.1.

Distribution of the SOC 2 report is limited to certain parties. Our SOC 2 report is available to potential and current customers upon request by contacting Ribose support.

Ribose received its Service Organization Controls (SOC) 3 report and the SysTrust certification from international auditing firm Ernst & Young (EY).

Along with SOC 2, SOC 3 is a widely recognized attestation, providing independent validation that companies’ internal controls comply with applicable American Institute of Certified Public Accountants’ (AICPA) Trust Services Principles and Criteria (TSP 100). SOC 3 is intended for public consumption and includes fewer details than SOC 2.

Ribose is the world's first organization to achieve SOC 3 and SysTrust certification complying with both TSP 100 and Cloud Security Alliance’s Cloud Controls Matrix.

Ribose’s SOC attestations are among the first attestations utilizing AICPA’s newly revised TSP 100 standard with “common criteria” controls released in 2014, and are based on the TSP 100 security and availability principles and incorporate cloud security controls from CCM 3.0.1.

Our SOC 3 report can be viewed on the verification page accompanying this section.

Ribose is certified to OWASP Application Security Verification Standard (ASVS) at Level 2 verification. The OWASP ASVS standards provide a basis for testing web application technical security controls with a list of requirements for secure development.

The Ribose secure platform is tested at by a world-class, CREST-certified security team with over 30,000 hours of penetration testing experience, against 147 application security controls of the OWASP ASVS v2.0 Level 2 verification criteria covering all facets of application security through black box and white box testing, from business logic to cryptography, static analysis to OWASP Top 10 vulnerabilities. This assures that the Ribose platform provides security assurance for significant transactions, including those that process healthcare information, implement business-critical or sensitive functions, or process other sensitive assets.

Ribose is your trusted partner in building a responsible and secure supply chain by keeping your intellectual property secure.

Committed to protecting your intellectual property stored on our platform, Ribose is the world's first Software-as-a-Service (SaaS) cloud service provider certified to the Content Delivery and Security Association's (CDSA) Content Security and Protection (CPS) accreditation program, and has consistently been awarded the lowest risk rating possible at Green during its participation in the program from 2013 to July 2016.

CPS is an international standard developed and accepted by the world's largest content owners, setting stringent and comprehensive standards and procedures for the protection of intellectual property, including audited risk assessment and management of physical parameters, electronic systems and facilities handling intellectual property. Certification is awarded only after exhaustive audits performed by ISO-trained, CDSA auditors, who verify that all aspects of the CPS requirements have been met by an organization's sites.

Ribose has ceased participation in the CPS certification program due to program changes that took place in early 2016. However, we believe in the effectiveness of the CPS standard, and are committed to maintaining full compliance continuously.

Our full compliance to the CDSA CPS standard gives you confidence to collaborate freely on Ribose when working with valuable intellectual property, knowing that it is protected and secure.

Ribose is the world’s first collaboration platform to achieve both Cyber Essentials and Cyber Essential Plus certification, providing independent, third-party verification of our security systems and controls, and demonstrates our commitment to information security -- especially in respect of the UK market.

Cyber Essentials is a UK Government scheme that helps protect businesses against cyber threats, developed by CESG (the information security arm of GCHQ) and the Department of Business, Innovation and Skills (BIS) in conjunction with BSI (British Standards Institution), the Information Assurance for Small and Medium Enterprises (IASME) consortium and the Information Security Forum (ISF).

A two-level program mandatory for UK central government ICT (Information and Communications Technology) suppliers that handle sensitive and personal information, Cyber Essentials certification is awarded upon completion of a self-assessment questionnaire with independent verification, while Cyber Essential Plus certification is optional and provides a higher level of assurance through independent security controls testing by an external certifying body, focusing on resilience against external cyber threats.

Ribose completed Cyber Essentials certification by IASME in 2014, and received Cyber Essential Plus certification by Cyberis accredited by CREST in 2015.

Ribose is the first cloud service provider to pass the Hong Kong/Guangdong Cloud Security Assessment and Certification (CSAC) pilot scheme, demonstrating that our systems meet the highest international and Chinese information security standards. Given our security focus, customers in China can freely collaborate and innovate with confidence and peace of mind.

Supported by the Hong Kong/Guangdong Expert Committee on Cloud Computing Services and Standards of the Office of the Government Chief Information Officer (OGCIO) of Hong Kong, the scheme is sponsored by the Economic and Information Commission of Guangdong Province (GDEI) and operated by Guangzhou-based CEPREI Certification Body.

The scheme evaluates CSPs’ compliance with CEPREI’s newly developed cloud security management standard, based on international and China-specific information security and data protection standards, including: GB/T 22080-2008 (ISO/IEC 27001:2005), GB/T 22239-2008, GB/Z 28828-2012 and CSA’s Cloud Control Matrix 3.0.

Ribose represented Hong Kong as one of the participants in the pilot scheme, helping to improve standards and operational details, by drawing on its experience in cloud security compliance and best practices.

As the first cloud service provider to complete and pass the assessment, Ribose has demonstrated that our systems meet the highest international and Chinese information security standards. With our security focus, customers in China can freely collaborate and innovate with confidence and peace of mind.

The IASME Standard is a publicly-available, cyber security standard developed by the Information Assurance for Small and Medium Enterprises (IASME) consortium for small and medium-sized businesses in alignment with ISO/IEC 27001 principles.

Successful implementation of IASME allows an organization to demonstrate their level of cyber security and their protection of customers' information.

Ribose is the first company outside the UK to be certified to the IASME Standard.