Ribose is proud to be CalConnect's first Asia-based member,
to promote a more seamless calendaring and collaboration experience for
everybody across cultures.
Ribose believes that transparency is beneficial for all stakeholders and we
demonstrate our commitment by having our business profile and operational
details independently verified by BSI VerifEye, the
trusted and proven Supplier Verication Audit service from BSI, annually.
Ribose is a strong advocate of safe and secure cloud computing through greater
responsibility and accountability in the cloud service industry, and a
member of the Cloud Security Alliance (CSA).
Ribose is a member of the Open Invention Network (OIN), an
organization created to foster patent non-aggression for Linux producers and
users. With over 1,300 members, OIN is the world’s largest IPR community,
undertaking a range of activities to reduce members’ software patent risk.
Ribose is a member of the Cloud Industry Forum (CIF), a leading
alliance of cloud service providers established to provide transparency and
assist end users in determining core information necessary for them to adopt
such services.
The
Kitemark for Secure Digital Transactions (Kitemark for SDT)
from
BSI (British Standards Institution)
is the most rigorous security testing program available to date that validates
and evaluates the security of individual applications.
Ribose is the world’s first cloud Software-as-a-Service platform and
collaboration service to complete the stringent and highly selective
certification process to receive the cloud industry’s first Kitemark for Secure
Digital Transactions.
Ribose is committed to helping people work together more effectively and
efficiently, and quality improvement has always been a cornerstone of that
commitment.
Our commitment to helping people work together effectively and efficiently goes
beyond its literal meaning -- extending to protecting the environment of the
communities we serve.
Wellness and safety considerations apply to all industries –- and that includes
office-based environments. With our customers and staff at the heart of our
company, their wellbeing is our top priority.
As the world’s first and only casual collaboration platform
to achieve certification to the ISO/IEC 20000-1:2011
international standard for information technology service management (ITSM),
Ribose is committed to bringing world-class, enterprise-grade availability,
service process quality to all of our users.
The open nature of the cloud presents greater risks to data stored in
the cloud. Cloud-specific specialized measures as well as a cloud-centric
security mindset must be adopted to augment the traditional information
security doctrine.
Ribose is the world’s first SaaS platform compliant to
the international cloud security standard, ISO/IEC 27017,
certified by BSI (British Standards Institution).
In today's world, privacy is more important than ever for collaborative work,
which often include confidential data. Ribose believes that privacy is a
right, not a luxury -- we are proud to be the world's first CSP that
provides ISO/IEC 27018-level privacy protection to all users regardless whether
they are paid or not.
The performance of any organization is closely linked to the health of the
environment in which it operates. Every organization should have a clear
understanding of corporate responsibilities and a wider concern for the
community and our shared environment.
Ribose is certified to OWASP Application Security Verification Standard (ASVS)
at Level 2 verification. The OWASP ASVS standards provide a basis for testing
web application technical security controls with a list of requirements for
secure development.
Ribose is the world’s first collaboration platform to
achieve both Cyber Essentials and Cyber Essential Plus
certification, providing independent, third-party verification of our security
systems and controls, and demonstrates our commitment to information security
-- especially in respect of the UK market.
Ribose is the first cloud service provider to pass the Hong Kong/Guangdong
Cloud Security Assessment and Certification (CSAC) pilot scheme, demonstrating
that our systems meet the highest international and Chinese information
security standards. Given our security focus, customers in China can freely
collaborate and innovate with confidence and peace of mind.
Ribose is proud to be CalConnect's first Asia-based member,
to promote a more seamless calendaring and collaboration experience for
everybody across cultures.
CalConnect (The Calendaring and Scheduling Consortium) is a
not-for-profit organization advancing the state of
interoperable calendaring and scheduling. As a partnership between vendors of
calendaring and scheduling systems and tools, and the users of those tools, its
membership includes the world's largest software companies. Virtually every
important calendaring-related standard since 2004 has been authored edited
and/or co-edited by members of a CalConnect Technical Committee.
BSI VerifEye Verified Profile
Ribose believes that transparency is beneficial for all stakeholders and we
demonstrate our commitment by having our business profile and operational
details independently verified by BSI VerifEye, the
trusted and proven Supplier Verication Audit service from BSI, annually.
Ribose maintains a BSI Verified Profile in the
VerifEye Directory that includes business
operational details, physical location, photos as well as details of all
organizational certifications.
This means that Ribose has completed and passed annual Verification Audits
delivered by BSI's supply chain specialists, and that they have independently
verified our organizational details being true and accurate.
CDSA is a non-profit organization advocating the innovative and responsible
delivery and storage of entertainment, software, and information content. Among
its members are some of the world's largest intellectual property owners
including Adobe, Microsoft, Electronic Arts, Sony DADC, NBCUniversal and The
Walt Disney Company. Established in the 1970s, CDSA was previously known as the
International Recording Media Association (IRMA).
Cloud Security Alliance
Ribose is a strong advocate of safe and secure cloud computing through greater
responsibility and accountability in the cloud service industry, and a
member of the Cloud Security Alliance (CSA).
The CSA is a not-for-profit organization with a mission to promote the use of
best practices for providing security assurance within Cloud Computing, and to
provide education on the uses of Cloud Computing to help secure all other forms
of computing. CSA is led by a broad coalition of industry practitioners,
corporations, associations and other key stakeholders.
Over 29,000 UK public sector bodies including central government, local
government, health, education, devolved administrations, emergency services,
defence and not-for-profit organizations are eligible for this arrangement.
As an advocate of the open Internet and interoperable technologies, Ribose is a
supporter of OpenID and a member of the OpenID Foundation (OIDF).
The OIDF is a non-profit international standardization organization of
individuals and companies committed to enabling, promoting and protecting
OpenID technologies. Formed in June 2007, the foundation serves as a public
trust organization representing the open community of developers, vendors, and
users. OIDF assists the community by providing needed infrastructure and help
in promoting and supporting expanded adoption of OpenID.
MESA is a leading voice in the global media and entertainment industry. Its
members include some of the largest content owners and service providers in the
world, including Hollywood studios, music labels, software companies, and
game publishers.
Open Invention Network
Ribose is a member of the Open Invention Network (OIN), an
organization created to foster patent non-aggression for Linux producers and
users. With over 1,300 members, OIN is the world’s largest IPR community,
undertaking a range of activities to reduce members’ software patent risk.
As an OIN licensee, Ribose joins other community members in royalty-free
cross-licensing of Linux System patents to one another. Members agree to a
patent non-aggression pact, foregoing patent disputes between member
organizations in Linux and adjacent technologies.
Ribose is committed to collaborating with the wider Linux user community to
create a positive, nurturing environment for long-term development and strongly
supports OIN’s efforts.
International Association of Privacy Professionals
The IAPP is a not-for-profit association founded in 2000 with a mission to
define, promote and improve the privacy profession globally. As the world’s
largest and most comprehensive global information privacy community, IAPP is
the definitive resource organizations successfully manage their privacy risks
and protect their data.
Cloud Industry Forum
Ribose is a member of the Cloud Industry Forum (CIF), a leading
alliance of cloud service providers established to provide transparency and
assist end users in determining core information necessary for them to adopt
such services.
The Cloud Industry Forum (CIF) began in 2009 as a direct response
to the evolving supply models for the delivery of software and IT services that
has expanded well beyond the traditional on-premise method to one that now
embraces hosted and/or, pay-as-you-use Cloud solutions.
CIF’s purpose is twofold: To drive a common and public level of transparency
about the capability, substance and best practices of cloud service providers
through a process of self-certification to a Code of Practice; and to
promote trust to businesses and individuals wishing to leverage
the commercial, financial and agile operations capabilities that cloud service
providers offer.
Ribose's participation in CIF originated from its membership since 2012 in
EuroCloud UK, which was merged into CIF operations in 2017.
ACM Preferred Employer
Ribose is an ACM Preferred Employer dedicated to creating
a workplace culture that values innovation, self-improvement, and commitment to
society.
Association of Computing Machinery (ACM), established in 1947 with
the creation of the first stored-program digital computer, is the premier
membership organization for computing professionals, delivering resources that
advance computing as a science and a profession, enable professional
development and promote policies and research that benefit society.
EPEAT
Ribose is dedicated to protecting the environment and promoting sustainability.
EPEAT (Electronic Product Environmental Assessment Tool)
is a worldwide, comprehensive environmental standard, run by the
Green Electronics Council, that promotes
environmental responsibility and innovation by identifying greener electronics.
EPEAT is used by global companies, governments and consumers to rate, label and
promote environmentally preferable products.
As an EPEAT Purchasing Partner, Ribose is committed to purchasing
EPEAT-registered products as well as favoring suppliers that provide
EPEAT-registered products.
BSI Kitemark for Secure Digital Transactions
KM 637365
The
Kitemark for Secure Digital Transactions (Kitemark for SDT)
from
BSI (British Standards Institution)
is the most rigorous security testing program available to date that validates
and evaluates the security of individual applications.
Ribose is the world’s first cloud Software-as-a-Service platform and
collaboration service to complete the stringent and highly selective
certification process to receive the cloud industry’s first Kitemark for Secure
Digital Transactions.
Initially piloted by the banking industry, this Kitemark is the latest member
of the BSI Kitemark family, a symbol of trust and product quality that was
first granted in 1903 and is highly recognized worldwide.
An application certified to this Kitemark demonstrates rigorous validation to
banking-grade security, as well as data protection measures of the organization
that developed and operates the application, confirming it has been thoroughly
tested and meets recognized standards for security, reliability and quality.
In order to receive the Kitemark for Secure Digital Transactions, the
application or service must achieve three key criteria. First, a secure service
must be developed and operated within a secure environment that emphasizes
organizational security and process integrity. This criterion is best validated
by requiring the organization itself to achieve and maintain certification to
ISO/IEC 27001, covering all parts relating to the service and sensitive
information it handles, including application development, infrastructure
operations and transaction processing.
The second tenant of the Kitemark for Secure Digital Transactions is to achieve
validation of application security, which requires the service to undergo
rigorous internal and external penetration tests to the highest levels,
ensuring there are no known significant vulnerabilities or security
flaws. The application security tests are performed by a world-class,
CREST-certified security team with over 30,000 hours of penetration
testing experience, to the OWASPASVS v2.0
standard – the most stringent in industry. Under Level 2 verification, Ribose
is tested against 147 application security controls covering all facets of
application security through black box and white box testing, from business
logic to cryptography, static analysis to OWASP Top 10
vulnerabilities. This assures that the Ribose platform provides security
assurance for significant transactions, including those that process healthcare
information, implement business-critical or sensitive functions, or process
other sensitive assets.
The third criterion is continual independent monitoring and assessment to
ensure the security profile of the service provides assurance to the types of
data it handles, including ongoing application security tests, organizational
security audits, as well as Kitemark compliance audits and
risk assessments.
Our Kitemark certification is a testament to Ribose’s unwavering commitment to
providing a secure platform that prioritizes the protection of our customers’
data, and provides specific reassurance that our application itself features
appropriate protection for highly sensitive information and mission critical
projects.
Achieving STAR Attestation in conjunction with STAR Certification is powerful,
independent proof that Ribose adheres to the highest standards of security and
availability –- allowing you to rely on our platform to collaborate on valuable
intellectual property and confidential data with peace of mind.
STAR Attestation provides a framework for certified public accountants to
express an opinion of key factors relating to CSPs’ service descriptions, as
well as suitability and effectiveness of systems controls.
The STAR Certification is a stringent and comprehensive cloud security
certification jointly developed by CSA and
BSI (British Standards Institution) to address the
intricate security issues and inherent risks of the cloud environment.
Certification is only awarded after an independent accredited auditor has
conducted a thorough audit and verified that the organization's applications,
systems, processes and services fully comply with STAR requirements
including the CSA CCM and ISO/IEC 27001.
Our certification scope is as comprehensive as possible,
covering processes from design, development, operations to support processes in
our organization. Ribose’s rating of Gold is determined by our auditor,
BSI, based on the maturity of security measures and controls in
place.
C-STAR Assessment features stronger control requirements than STAR
Certification and STAR Attestation, requiring compliance to
CSA'sCloud Controls Matrix 3.0.1 (CCM)
as well as the China national standards
GB/T 22080-2008,
GB/T 22239-2008, and
GB/Z 28828-2012.
In particular, C-STAR requires a CSP to comply to 29 additional security and
privacy controls particularly in the area of privacy, requiring organizations
to respect and protect users’ privacy in accordance with both Chinese and
internationally accepted privacy laws.
Ribose adopts and advocates the ‘highest-bar’ approach to cloud security. While
each country has different cloud security requirements, by ensuring our
platform meets the most stringent requirements of all, we are able to provide a
higher level of security for all users.
The need to collaborate is natural and universal. Our platform is certified
to multiple national, regional and international standards because we are
committed to our users -- wherever they are based.
Multi-Tier Cloud Security (MTCS, SS 584) Level 3 Certification
Ribose’s MTCS Level 3 certification was awarded following a thorough evaluation
by BSI (British Standards Institution), a participating
Certification Body for the MTCS standard. Ribose is also the first SaaS
provider to be certified to SS 584:2015, with the certification covering the
service regions of United States, Singapore and Hong Kong.
ISO 9001 (Quality Management)
FS 615595
Ribose is committed to helping people work together more effectively and
efficiently, and quality improvement has always been a cornerstone of that
commitment.
Ribose is the first organization outside of the UK and
the first technology company worldwide to achieve accredited certification to
ISO 9001:2015, the newly revised international standard for
Quality Management Systems, as well as the first organization worldwide to
achieve simutaneous certification to both ISO 9001:2015 and ISO 14001:2015
standards. Ribose’s certification was issued the day ISO 9001:2015
was formally published.
ISO 9001 is the world’s most widely recognized standard for quality management
systems, and its latest revision was published on 23 September 2015. The
standard helps organizations consistently meet the needs of customers and other
key stakeholders in both the delivery and continuous improvement of products
and services.
This certification verifies Ribose’s ability to consistently meet the needs of
customers and other key stakeholders in both the delivery and continuous
improvement of products and services.
Our commitment to helping people work together effectively and efficiently goes
beyond its literal meaning -- extending to protecting the environment of the
communities we serve.
Ribose is the first organization in Asia and outside of the UK
to achieve accredited certification to ISO 14001:2015, the
newly revised international standard for Environmental Management Systems, and
is also the first technology company worldwide to receive this certification.
Ribose's certification was issued the day our certifying body received the
world's first accreditation for this standard by ANAB.
ISO 14001 is the international standard for environmental management systems,
with its latest revision published on 15 September 2015, helps organizations
comply with environmental regulations, minimizing their environmental footprint
and improving their environmental performance.
By implementing environmental best practices, we are able to reduce our
environmental footprint and enable our customers to achieve and integrate
sustainability objectives into their respective supply chains. The
certification verifies our ability to measure our environmental footprint and
strive towards continuous improvement.
Wellness and safety considerations apply to all industries –- and that includes
office-based environments. With our customers and staff at the heart of our
company, their wellbeing is our top priority.
Achieving ISO 45001 certification demonstrates the sincerity of Ribose’s
commitment to health and safety, and provides us with a framework for constant
improvement.
ISO/IEC 20000-1 (Service Management)
ITMS 615597
As the world’s first and only casual collaboration platform
to achieve certification to the ISO/IEC 20000-1:2011
international standard for information technology service management (ITSM),
Ribose is committed to bringing world-class, enterprise-grade availability,
service process quality to all of our users.
ISO/IEC 20000-1 is the international standard for service management systems.
Based on the IT infrastructure library (ITIL®) best practice
framework, ISO/IEC 20000-1 helps companies achieve evidence-based benchmarks to
continuously improve service delivery. Previously, services that meet such
stringent standards were only limited to a handful of services serving
high-paying corporate customers.
Ribose’s certification stand as indisputable proof that world-class security,
availability and service management are no longer limited to enterprise cloud
users. We bring these benefits to everyone, completely free of charge.
ISO 22301 (Business Continuity)
BCMS 611403
At Ribose, we recognize that users depend on our continued availability, and
are dedicated to serving our users under any situation, with no excuses.
ISO 22301 stipulates wide-ranging and stringent requirements for business
continuity management systems (BCMS) that ensure an organization's business
activities are resilient against disruptions and exceptional events. Ribose’s
scope of certification was as comprehensive as possible, covering all
processes, services and locations.
As the world's first and only collaboration platform
to be awarded certification, you can be confident that Ribose can help you
collaborate anywhere, anytime: even under extraordinary circumstances.
ISO/IEC 27001 is an international standard specifying sweeping requirements for
information security management systems (ISMS). Certification is awarded only
after a neutral and independent accredited auditor has conducted a
comprehensive audit to assess and verify the compliance of all applications,
systems, processes and services used by the organization. This certification
verifies that ISO/IEC 27001 is indeed an integral part of all processes within
Ribose.
We are proud that our
scope of certification is as comprehensive as possible:
from design, development and operations to support processes. Ribose gives you
the confidence that your privacy and data will always be protected and handled
securely.
ISO/IEC 27017 (Cloud Security)
CLOUD 653167
The open nature of the cloud presents greater risks to data stored in
the cloud. Cloud-specific specialized measures as well as a cloud-centric
security mindset must be adopted to augment the traditional information
security doctrine.
Ribose is the world’s first SaaS platform compliant to
the international cloud security standard, ISO/IEC 27017,
certified by BSI (British Standards Institution).
The open nature of the cloud environment – providing broad network access,
rapid elasticity, self-provisioning functionality and resource pooling –
presents greater threats and risks to information
stored in the cloud that exceeds the scope of traditional information security
doctrine, requiring cloud-specific specialized measures as well as a
cloud-centric security mindset.
Addressing the specific needs of cloud security, ISO/IEC 27017 builds upon
ISO/IEC 27001 – providing additional controls and implementation guidance on
architecture, technology and processes to ensure information security is well
protected in the cloud. Taking into account that many cloud service providers
are often customers of other cloud services, ISO/IEC 27017 also specifies
implementation guidelines for both cloud service customers and cloud service
providers, emphasizing each entity’s role in cloud security and protecting end
users’ information.
Our certification demonstrates Ribose’s unwavering commitment to cloud
security, and we are proud to be the world’s first cloud service provider to
simultaneously cover all major cloud security certifications: CSA STAR
Certification, STAR Attestation and C-STAR Assessment together with ISO/IEC
27017.
ISO/IEC 27018 (Cloud Privacy)
PII 641063
In today's world, privacy is more important than ever for collaborative work,
which often include confidential data. Ribose believes that privacy is a
right, not a luxury -- we are proud to be the world's first CSP that
provides ISO/IEC 27018-level privacy protection to all users regardless whether
they are paid or not.
Ribose is certified to ISO/IEC 27018, the international
standard that governs the protection of personally identifiable information
(PII) in public clouds for PII processors,
by BSI (British Standards Institution), the originator of the ISO/IEC
27000 family of international information security standards.
ISO/IEC 27018 describes commonly accepted control objectives, controls and
guidelines based on the eleven privacy principles contained in ISO/IEC 29100,
to ensure that PII data is adequately protected when processed by a
cloud PII processor.
This certification means that data managed by Ribose will never be sold to a
third-party for advertising, nor subcontracted to parties that may breach the
integrity of users’ data. This also means that users retain full control of
their data stored on Ribose, and that we are transparent about where
users’ data resides and how it is processed.
ISO 50001 (Energy Management)
EnMS 618402
The performance of any organization is closely linked to the health of the
environment in which it operates. Every organization should have a clear
understanding of corporate responsibilities and a wider concern for the
community and our shared environment.
As the world's first collaboration platform to achieve
certification to ISO 50001:2011, we believe protection of our
environment is best served through optimizing energy impact. ISO 50001 is the
international standard for energy management that helps improve energy
performance of organizations by specifying stringent requirements.
Our certification, awarded by BSI (British Standards Institution)
and accredited by ANAB (ANSI-ASQ National Accreditation Board),
confirms that our implementation of procedures and protocols are able to
continually manage energy risks and improve our energy efficiency. We are proud
to take the lead in encouraging other cloud service providers to proactively
manage our environmental footprints.
PAS 99 is the world’s first framework for an IMS built on different management
systems standards (MSS), aligned to ISO's Directive Annex SL,
specifies requirements for streamlining MSSs allowing for improved business
focus, a universal approach to risk mitigation and improved operational
efficiency.
PAS 99 certification confirms that Ribose has integrated its management systems
correctly, and that the IMS performs effectively – providing better oversight
and control for our management team, while ensuring the highest level of
service for our users.
Ribose’s SOC attestations are among the first attestations utilizing AICPA’s
newly revised TSP 100 standard with “common criteria” controls released in
2014, and are based on the TSP 100 security and availability principles and
incorporate cloud security controls from CCM 3.0.1.
Distribution of the SOC 2 report is limited to certain parties. Our SOC 2
report is available to potential and current customers upon request by
contacting Ribose support.
AICPA Service Organization Controls (SOC) 3 and SysTrust
Ribose’s SOC attestations are among the first attestations utilizing AICPA’s
newly revised TSP 100 standard with “common criteria” controls released in
2014, and are based on the TSP 100 security and availability principles and
incorporate cloud security controls from CCM 3.0.1.
Our SOC 3 report can be viewed on the verification page accompanying this
section.
OWASP Application Security Verification Standard
Ribose is certified to OWASP Application Security Verification Standard (ASVS)
at Level 2 verification. The OWASP ASVS standards provide a basis for testing
web application technical security controls with a list of requirements for
secure development.
The Ribose secure platform is tested at by a world-class, CREST-certified security
team with over 30,000 hours of penetration testing experience, against 147
application security controls of the OWASPASVS v2.0 Level 2 verification criteria covering all facets
of application security through black box and white box testing, from business
logic to cryptography, static analysis to OWASP Top 10
vulnerabilities. This assures that the Ribose platform provides security
assurance for significant transactions, including those that process healthcare
information, implement business-critical or sensitive functions, or process
other sensitive assets.
CDSA Content Protection & Security
Ribose is your trusted partner in building a responsible and secure supply
chain by keeping your intellectual property secure.
CPS is an international standard developed and accepted by the world's largest
content owners, setting stringent and comprehensive standards and procedures
for the protection of intellectual property, including audited risk assessment
and management of physical parameters, electronic systems and facilities
handling intellectual property. Certification is awarded only after exhaustive
audits performed by ISO-trained, CDSA auditors, who verify that all aspects of
the CPS requirements have been met by an organization's sites.
Ribose has ceased participation in the CPS certification program due to program
changes that took place in early 2016. However, we believe in the effectiveness
of the CPS standard, and are committed to maintaining full compliance
continuously.
Our full compliance to the CDSA CPS standard gives you confidence to
collaborate freely on Ribose when working with valuable intellectual property,
knowing that it is protected and secure.
Cyber Essentials Plus
Ribose is the world’s first collaboration platform to
achieve both Cyber Essentials and Cyber Essential Plus
certification, providing independent, third-party verification of our security
systems and controls, and demonstrates our commitment to information security
-- especially in respect of the UK market.
A two-level program mandatory for UK central government ICT (Information and
Communications Technology) suppliers that handle sensitive and personal
information, Cyber Essentials certification is awarded upon completion
of a self-assessment questionnaire with independent verification, while Cyber
Essential Plus certification is optional and provides a higher level of
assurance through independent security controls testing by an external
certifying body, focusing on resilience against external cyber threats.
Ribose completed Cyber Essentials certification by IASME in 2014,
and received Cyber Essential Plus certification by Cyberis accredited by
CREST in 2015.
Hong Kong/Guangdong CSAC
Ribose is the first cloud service provider to pass the Hong Kong/Guangdong
Cloud Security Assessment and Certification (CSAC) pilot scheme, demonstrating
that our systems meet the highest international and Chinese information
security standards. Given our security focus, customers in China can freely
collaborate and innovate with confidence and peace of mind.
Ribose represented Hong Kong as one of the participants in the pilot scheme,
helping to improve standards and operational details, by drawing on its
experience in cloud security compliance and best practices.
As the first cloud service provider to complete and pass the assessment, Ribose
has demonstrated that our systems meet the highest international and Chinese
information security standards. With our security focus, customers in China can
freely collaborate and innovate with confidence and peace of mind.