BrightLine Now Accredited ISO 27001 Certification Body

BrightLine, a global provider of assurance and compliance services, is proud to announce that it is now an accredited ISO 27001 Certification Body. The accreditation is maintained through ANAB, the accreditation agency for management systems in the United States. BrightLine is the only CPA firm in the world that can provide accredited ISO 27001 certification in combination with service organization controls reporting (i.e., SAS 70, SSAE 16, SOC 1) and PCI DSS compliance validation.

ISO 27001 is the internationally recognized standard for the initiation, implementation, maintenance, and management of an information security management system (ISMS). ISO 27001 certification has been widely accepted in Europe and Asia for many years, and is rapidly growing in popularity in the United States. Several high profile companies recently announced ISO 27001 certification, including Amazon Web Services, Microsoft, and Mozy, a subsidiary of the Fortune 500 company EMC Corporation.

“While SAS 70, SSAE 16 and PCI DSS examinations are often considered a requirement of doing business, ISO 27001 certification is a proactive measure that publicly distinguishes organizations that comply with the international standards,” said Christopher Schellman, President of BrightLine. “As such, BrightLine is excited to be the first and only service provider in the world capable of providing all of these complementary compliance solutions.”

One company that has already realized the benefit of BrightLine’s integrated service offering is Mozy, an industry leading online backup service from EMC Corporation. “The ISO 27001 certification and SAS 70 audit provided by BrightLine demonstrates our dedication and commitment to protecting our customers’ data by making sure our own operations are properly controlled,” said Charlotte Yarkoni, Chief Operating Officer of Mozy. “We’re not asking customers to simply take our word for it, as our ISO certification and Type 2 SAS 70 audit provide independent third party confirmation of the high standards we hold ourselves to in providing our services.”

BrightLine issues a certificate of registration to organizations that successfully demonstrate the operation of an ISMS that conforms with the requirements of ISO 27001. Clients may share this certificate with their customers and use it for other marketing purposes. The BrightLine certification mark is also provided and may be displayed on clients’ websites as evidence of certification. This seal is hyperlinked to BrightLine’s certificate directory, allowing interested parties to validate the authenticity and status of a certificate of registration.

To learn more about our integrated suite of services including ISO 27001 certification, SSAE 16 examination, or PCI DSS validation, please visit our website at


BrightLine CPAs and Associates, Inc. (“BrightLine”) is a global provider of assurance and compliance services. As the only company in the world fully accredited to provide a suite of services that includes SAS 70 audits, SSAE 16 examinations, PCI DSS compliance validations and ISO 27001 certifications, BrightLine offers clients the unique opportunity to achieve multiple compliance objectives through a single third party assessor.

BrightLine serves hundreds of clients each year, including many Fortune 1000 and publicly traded companies. Our company is a certified public accounting firm registered with the Public Company Accounting Oversight Board, a licensed Payment Card Industry Qualified Security Assessor (PCI QSA) company, and an ANAB accredited ISO 27001 Certification Body. For further information, please visit



B2B APIs aren’t just for large enterprises anymore — middle-market firms and SMBs now realize their potential for enabling low-cost access to real-time payments and account data. But those capabilities are only the tip of the API iceberg, says HSBC global head of liquidity and cash management Diane Reyes. In this month’s B2B API Tracker, Reyes explains how the next wave of banking APIs could fight payments fraud and proactively alert middle-market treasurers to investment opportunities.

Click to comment