Security and Compliance

The Indian AEO Programme, which started in 2011, was designed to set standards to secure and to facilitate the ever-growing flow of goods in international trade. Each entity holding an AEO Certificate collaborated with Indian Customs to ensure safety and security in the Supply Chain.

The CAIQ measures a cloud provider's compliance with the Cloud Security Alliance’s Cloud Controls Matrix (CCM), a globally recognized security control framework for cloud computing.

CTPAT is a voluntary public-private sector partnership program which recognizes that CBP can provide the highest level of cargo security only through close cooperation with the principle stakeholders of the international supply chain such as importers, carriers, consolidators, licensed customs brokers, and manufacturers.

ISO 9001 is the international standard for quality management systems (QMS). It provides a framework for organizations to consistently deliver products and services that meet customer and regulatory requirements while driving continuous improvement and operational efficiency.

ISO 14001 is the international standard for environmental management systems (EMS). It helps organizations improve environmental performance by managing environmental responsibilities systematically, reducing waste, conserving resources, and ensuring compliance with environmental regulations.

ISO 21434 is the international standard for road vehicles—cybersecurity engineering. It defines requirements for cybersecurity risk management throughout the lifecycle of automotive systems, including design, development, production, operation, maintenance, and decommissioning.

ISO 26262 is the international standard for road vehicles—functional safety. It establishes requirements for the safety of electrical and electronic systems in production automobiles, ensuring risks from system malfunctions are reduced to acceptable levels across the entire lifecycle.

ISO 27001 is a specification for an information security management system (ISMS). An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organization's information risk management processes.

ISO 27701 is developed to provide a standard for data privacy controls, which, when coupled with an ISMS, allows an organization to demonstrate effective privacy data management. It establishes the parameters for a PIMS in terms of privacy protection and processing personally identifiable information (PII).

ISO 50001 is the international standard for energy management systems (EnMS). It provides a framework for organizations to improve energy performance, increase efficiency, reduce costs, and minimize environmental impact by managing energy use systematically.

NVIDIA is committed to protecting your privacy. Full privacy policy is available here.

SIG Lite is a repository of third-party information security and privacy questions, indexed to multiple regulations and control frameworks. SIG Lite framework contains around 150 questions.

SOC reports & certification are the output of an annual 3rd party external audit of security controls.  The audits, reports and certification follow the Statement on Standards for Attestation (SSAE) 18 requirements set out by the American Institute of Certified Public Accountants (AICPA).