Latest news with #SOC
Tom's Guide
9 hours ago
- Business
- Tom's Guide
Proton passes its first SOC 2 Type II audit, verifying its business security credentials
Proton, which provides VPN and secure mail services, has passed its first SOC 2 Type II audit. Completed in July 2025, this comes in addition to annual third-party security audits of Proton VPN's processes. SOC 2 Type II is a widely recognized standard for business security. It confirms that robust systems are in place, and that security processes are consistently followed in practice across the organization. Proton is best known for Proton VPN and Proton Mail, but also provides calendar, storage, password management, and crypto wallet tools. All of these services are covered by Proton's SOC 2 Type II security auditing. The Service Organization Control (SOC) audit framework tests how providers handle sensitive information, covering both control systems and their implementation. Running the audit demonstrates a commitment to data security, and it's particularly important in areas such as finance, healthcare, and regulated industries where security compliance is critical. In sectors such as these, SOC 2 compliance is a baseline requirement. The result brings Proton VPN into line with competitors such as NordLayer, NordVPN's business solution, which has also passed a SOC 2 Type 2 audit and has ISO 27001 certification. Other leading providers like Surfshark and ExpressVPN have not yet run SOC 2 audits, though they do have independent security testing programs which support the claims of their no-logs policies. Proton's SOC 2 Type II auditing process was run by Schellman, an independent auditing firm with experience in the technology sector. In preparation, the firm sought to formalize and document its processes and controls across areas including access management, incident response, risk assessment, and system monitoring. Proton reports that this process didn't involve any larger overhaul of its services, however. Following this, Schellman inspected how Proton's security controls are implemented across its infrastructure, running technical reviews, assessing documentation, and interviewing staff. At the end of the process, Proton successfully achieved the standard required for SOC 2 Type II validation. In a statement, Proton's Head of Security, Patricia Egger, said, 'Proton was built on the idea that privacy is a human right – and trust still has to be earned... Proton's SOC 2 Type II attestation proves that our security isn't just technical – it's operational. We meet strict, independently audited standards for how we handle data, systems, and processes.' And that matches what we've found with Proton's products. Based on our testing, we rate Proton VPN as one of the best VPNs available, noting that it particularly stands out for its advanced security features. Proton has taken a number of steps to prove the security of its systems. All the firm's apps are open source, meaning that the developer community is free to inspect the codebase and report on any issues or vulnerabilities that could compromise its software. Supporting this, the company has a public bug bounty program that offers rewards of up to $10,000, and the organization also runs regular penetration testing on its services. In addition, Proton VPN runs an annual third-party audit of its no-logs policy. This is carried out by Securitum, a major security auditing company based in Poland. The third and most recent audit was published in July 2024. Reporting on this, Proton published detailed notes on the questions that Securitum asked and what it found, going beyond the executive summaries that other providers sometimes offer on their audits. Alongside this, Proton achieved ISO 27001 certification in May 2024. This is an international standard for information security management systems, with best practice standards for managing data security. The firm also has HIPAA support and GDPR and Swiss DPA compliance, meeting further regulatory requirements for business users. We extensively tested the product for our full Proton VPN review and didn't find any evidence of DNS leaks or issues with the product's kill switch feature. Looking ahead, Proton states that it is committed to increasing transparency, to developing its security infrastructure, and to helping businesses better assess its services. In addition, Proton reports that the results of the SOC 2 report are available for customers on request and that its team will be happy to discuss the findings of the audit. Follow Tom's Guide on Google News to get our up-to-date news, how-tos, and reviews in your feeds. Make sure to click the Follow button. We test and review VPN services in the context of legal recreational uses. For example: 1. Accessing a service from another country (subject to the terms and conditions of that service). 2. Protecting your online security and strengthening your online privacy when abroad. We do not support or condone the illegal or malicious use of VPN services. Consuming pirated content that is paid-for is neither endorsed nor approved by Future Publishing.
GMA Network
2 days ago
- Business
- GMA Network
SSS issues revised calamity loan guidelines aid lower interest rate
People on board a truck are evacuated out of a flooded village following monsoon rains in Cainta, Rizal, July 22, 2025. REUTERS/Eloisa Lopez The Social Security System (SSS) on Wednesday said it is issuing the revised Calamity Loan Program (CLP) guidelines aimed at helping members in areas declared under State of Calamity (SOC) due to various natural disasters, including Tropical Cyclone 'Crising.' In a statement, SSS president and CEO Robert Joseph de Claro said the issuance of revised CLP guidelines follows through on the announcement of President Ferdinand Marcos Jr. on May 1, 2025, during which he announced the reduction of interest rates for salary and calamity loans. 'We proposed and obtained approval of the Social Security Commission, headed by our Chairperson Finance Secretary Ralph Recto, to reduce interest rates for calamity loans to 7% per annum from the current rate of 10%. This follows the reduction of interest rate for salary loans to 8% per annum from the previous 10% which was implemented last month,' De Claro said. The reduced interest rates applies for members with 'good credit records' such as loan applicants without availment of penalty condonation for the past five years. The revised guidelines have also been tweaked to allow calamity loan renewal after six months provided that the existing CLP is not past due. 'An important improvement in the revised guidelines is the streamlining of the activation process of the Calamity Loan Program (CLP) which will allow activation of the program within seven working days from the calamity event date. Previously, activation of the calamity loan program takes about one month,' De Claro said. 'SSS Branch Operations Sector and International Operations Group units will have a more active role in the activation process when they endorse State of Calamity declarations to the SSS Member Loans Department within two calendar days from date of issuance,' he added. The salient features of the revised CLP guidelines are as follows: Loanable amount: Equivalent to one Monthly Salary Credit (MSC) computed based on the average of the last 12 MSCs rounded up to the nearest thousand or the amount applied for, whichever is lower and capped at P20,000. Availment period: Up to 30 calendar days to commence on the date of announcement of the availability of the CLP in a newspaper of wide circulation. Eligibility requirements: Members must have at least 36 monthly contributions – six of which must be posted within the last 12 months prior to the month of filing. For individually paying members, they must also have at least six posted contributions under their current membership type (self-employed, voluntary, or land-based OFW) and must be registered in the SSS website ( facility) for filing of online application. A member must also have no past due loan accounts and no outstanding restructured loan and must have not been granted any final benefit. Moreover, a member must be of legal age and under 65 years of age at the time of application for loan and must have not been disqualified due to fraud committed against the SSS. Employer of employed member must be updated in payment of contributions and loan remittances. Filing of loan application: A member may file / submit the calamity loan application online through the SSS website by accessing his / her account or through the SSS Mobile App. Release of loan proceeds: Loan proceeds shall be released through active UMID ATM card or active single account in any PESONet participating bank in the name of the member which must be enrolled in the Disbursement Account Enrollment Module (DAEM) of the member-borrower's account. Repayment term and schedule of payment: The loan shall be payable within two years in 24 equal monthly amortizations. The loan amortization shall start on second month following the month of approval of the loan. Service fee: Service fee of 1% of loanable amount shall be charged and deducted from proceeds of the loan. Penalty: Loan amortization not remitted on due date shall bear a penalty of 1% per month computed and charged for every day of delay. If the loan remains unpaid after 24 months, 10% annual interest and 1% monthly penalty will apply until fully paid. 'With the issuance of the revised CLP guidelines, SSS will provide emergency financial relief to mitigate impact of natural disasters to members and help get them toward the path of recovery under liberalized terms and conditions,' De Claro said. In 2024, the SSS disbursed nearly P10 billion in calamity loans to over 560,000 affected members. For this ear, the SSS is earmarking approximately P20 billion for calamity loans, 'underscoring its commitment to helping members recover financially from natural disasters.' — RSJ, GMA Integrated News
The Herald Scotland
2 days ago
- Politics
- The Herald Scotland
Greens election official resigned over 'anomaly' in results
She said: 'Hi all, I just wanted to say a couple of things about the situation as I understand it. As I see it, I did two things wrong.' 'Not spotting the anomaly in the results spreadsheets when they were initially sent to me, the cocos of SOC and the cocos of ECC, as well as to staff.' A screenshot of the message, viewed by The Herald. (Image: NQ) 'Going along with a statement yesterday reassuring people that there were no realistic doubts about the results when I was not sure that that was the case.' It is unclear what the 'cocos of SOC and the cocos of ECC' refers to. Last night, The Herald received a statement from the Scottish Greens official communications team which stated: "The party's Internal Elections Officer has confirmed that the process and the methodology used are compliant with our selections procedure, and the lists published are correct. "The IEO has verified that the count was conducted using iterative rounds of STV, specifically the Weighted Inclusive Gregory method, and was done as a bottom-up process." However, Ms Joester later told members she had not approved the statement, and that she was standing down from her position. Today, she said: 'I was not aware that the statement had gone to the media at the point where I expressed my unwillingness to proceed with it. 'I think others involved thought I was aware. Either way, I think I needed to resign as IEO because I hadn't done a good enough job.' Party bosses have come under fire in recent years as a result of the Bute House Agreement. (Image: PA) 'I do not know whether or not there is a problem with the results,' she added in the message, sent at 2.31 PM on Tuesday. 'MiVoice [an electoral counting service] assured the party yesterday that they carried out iterated stages of STV with the votes of excluded candidates transferred between stages. 'That is the understanding I had about what we had asked them to do - while MiVoice were originally commissioned to carry out this ballot before my tenure as interim Internal Elections Officer, 'I have spoken to them to clarify what was needed over the past few weeks. They have offered to clarify their processes in due course, and I think we should wait until that has happened.' Activist Ellie Gomersall challenged Patrick Harvie for the top spot on the list. (Image: Ellie Gomersall) It is understood the party has been asked to review the count in Glasgow, after co-leader Patrick Harvie survived an attempt by activist Ellie Gomersall to remove him as the party's top candidate. It was also asked to review the count in the North East of Scotland, where MSP Maggie Chapman was ousted by former employee Guy Ingerson. A source inside the party told The Herald: ''Honestly, I feel bad for Kate. It's the s******* job in the party. That being said, she should have noticed the inconsistency in the numbers. I think resigning now is a cop-out though, she should have remained in post and fought for those raising issues, It's the IEO's job.' 'It looks like she has been thrown under the bus by the Executive, who have totally shirked their responsibility to oversee and ensure fair party democracy.' Read more: Maggie Chapman ousted as top Green candidate ahead of Holyrood 2026 Scottish Greens release statement on contests after members demand recounts Turmoil deepens as Greens elections officer quits in selection contests row Last night, party executive co-chairs Zoe Clelland and Carolynn Scrimgeour told members: 'We recognise the spreadsheets provided by the supplier may not be very easy to follow, even for members with experience of STV election results…' 'We plan to ask the supplier to provide further guidance and detail to ensure the results can be examined with maximum transparency. Please bear with us while we explore this with the external voting provider.' The Scottish Greens have been approached for comment.
Business Wire
2 days ago
- Business
- Business Wire
Seismic Earns ISO 42001 Certification, Leading the Way in Trusted Enterprise AI
SAN DIEGO--(BUSINESS WIRE)-- Seismic, the global leader in AI-powered enablement, today announced it has achieved ISO 42001 certification, the first international standard for managing AI responsibly across the enterprise. This certification reinforces Seismic's commitment to trust, transparency, and governance as it scales AI innovation across its platform and customer ecosystem. With this milestone, Seismic strengthens its position as a trusted partner to organizations in highly regulated industries such as financial services, life sciences, and insurance — sectors that require strict governance over how data and AI are managed. 'As more companies integrate AI into their go-to-market strategies, confidence and clarity around its use become critical,' said Doug Winter, co-founder and CEO, Seismic. 'This certification reflects the intentional progress we've made as an AI-first company. At Seismic, we're committed to responsible innovation, ensuring every AI capability we deliver protects customer data, operates within enterprise safeguards, and earns the trust that thousands of organizations place in Seismic every day.' Published by the International Organization for Standardization (ISO), ISO 42001 establishes a global benchmark for AI governance, oversight, and risk management. Seismic becomes one of the first technology providers supporting revenue and go-to-market (GTM) teams to attain ISO 42001, which covers the entire Seismic Enablement Cloud TM, including Aura AI, Seismic's AI engine that powers all AI features across the platform. With this milestone, Seismic strengthens its position as a trusted partner to organizations in highly regulated industries such as financial services, life sciences, and insurance — sectors that require strict governance over how data and AI are managed. Customers can count on Seismic's AI to be: Designed for trust and transparency: Every AI feature respects existing user permissions, content access rules, and administrative controls. AI features are clearly disclosed for transparency and informed user interactions. Aligned to global standards: Seismic's AI systems are built and managed according to best practices across people, process, and technology. Integrated and scalable: Whether a rep is working in Seismic or through an integration partner like Microsoft, Slack, Salesforce, or other enterprise tools, Seismic's AI operates within a secure, compliant ecosystem. Protective of customer data: Content is never shared with public models, and no customer data is stored or retained by third-party LLM providers. This certification joins Seismic's growing portfolio of enterprise-grade credentials, including SOC 2 Type II, ISO 27001, and ISO 27701, and reflects its long-standing commitment to responsible innovation. Learn more at About Seismic Seismic is the global leader in AI-powered enablement, empowering go-to-market leaders to drive strategic growth and deliver exceptional customer experiences at scale. The Seismic Enablement Cloud™ is the only unified AI-powered platform that prepares customer-facing teams with the skills, content, tools, and insights needed to maximize every buyer interaction and strengthen client relationships. Trusted by more than 2,000 organizations worldwide, Seismic helps businesses achieve measurable outcomes and accelerate revenue growth. Seismic is headquartered in San Diego with offices across North America, Europe, Asia and Australia. Learn more at
Daily Mirror
3 days ago
- Business
- Daily Mirror
Huge plans to build undersea tunnel network in UK hits major milestone
Ambitious proposals to build a huge network of undersea UK tunnels have been discussed for years, but always failed to gain momentum. However, the plan just got one step closer to becoming reality Ambitious plans to create a network of undersea tunnels connecting one of the UK's most isolated regions have taken a 'significant step' forward. Famed for its secluded white beaches, rugged grassy cliffs and crystal-clear waters, the Shetland Islands (commonly referred to as just Shetland) consists of roughly 100 picturesque isles, with only 16 of them being inhabited. Situated some 110 miles from mainland Scotland, and 140 miles west of Norway - the archipelago is the northernmost region of the UK. Despite only having a tiny population of around 23,000 - the archipelago attracts around four times the number of tourists every single year. However, for residents and holidaymakers alike, getting from island to island isn't always easy. At the moment, there appear to be only two airports in Shetland that have scheduled flights (Sumburgh and Lerwick/Tingwall), meaning the most common way to cross the rough waters is via ferry. However, the archipelago could soon be efficiently linked together by a huge network of tunnels. It's an idea that would be life-changing for many locals, and industries such as salmon farming, which has been in the works for years but always failed to gain momentum. However, last month the Shetland Islands Council had a meeting to approve the Network Strategy - Strategic Outline Case (SOC) report, presented by Stantec in partnership with COWI, Mott Macdonald and ProVersa. The report is designed to establish the case for investment in ferries and harbours and, in some cases fixed links, including tunnels. In what has been described as a 'significant step', the council agreed to fund a study to establish the commercial and financial viability of fixed links and the future steps required to move the project forward. If the early plans go ahead, Shetland could see enhanced ferry services for Fetlar, Foula, Papa Stour and Skerries, together with the case for tunnels to Bressay, Unst, Whalsay and Yell. "Tunnelling in Shetland is, ultimately, about future-proofing our island population," said Council Leader Emma Macdonald. "Transport connectivity is central to creating sustainable islands which provide good homes and good jobs for our people, and which can reverse decades of depopulation." The councillor pointed to the Faroe Islands, a self-governing archipelago that's part of the Kingdom of Denmark, located some 200 miles further out into the Atlantic. Despite its isolated position, the 18 islands are actually connected by 23 tunnels, four of which run below the sea. One of these is a 7.1-mile tunnel which connects the island of Streymoy to two sides of a fjord on the island of Eysturoy, and features the world's only undersea roundabout nicknamed the Jellyfish. "Tunnelling from mainland Shetland to our outer islands could increase their population, lower their average age, and increase their economic prospects," she added. "It's also critical that we continue to invest in a resilient and reliable ferry service to support all our islands. The Council has today approved this latest recommendation, and as a result this represents a significant step towards the construction of tunnels between our islands." Isles MP Alistair Carmichael also welcomed the move, arguing that tunnels have the potential to transform Shetland's economy and communities. "We have seen a few false dawns on tunnels for Shetland – now is the time to deliver on their promise," he said. "I am glad that the Council is putting investment into this project to move it to the next stage. "The Stantec report made it clear that the choice is between either investing further in the ferry service or in fixed links. That means that tunnels can no longer be dismissed as the 'high cost' option relative to ferries, which is good news as we go into the next stage of development... It has been a long road just to reach this point and there is still a long way to go but I am glad that progress is being made." Details on how much such a project would cost, or how long it would take to construct, have yet to be announced.
