Marlabs Inc. is committed to delivering high standards of excellence and holds several certifications, including CMMI Level 5 and SSAE 16 Type II, indicating its strong focus on quality and performance management. As a certified minority business enterprise, Marlabs connects corporate America with minority-owned businesses while adhering to ISO 9001:2000 and ISO 27001 standards for quality and information security management. The company is also recognized as a HITRUST CSF Assessor, enabling it to assist healthcare organizations in implementing effective security management programs.

1. Certifications
Delivering the highest standards of excellence!

2. Marlabs Inc © all rights reserved 2015. www.marlabs.com
CERTIFICATIONS
Delivering at the highest standards of excellence defines Marlabs' commitment to all the stakeholders. This
is the key to all our processes and project deliverables. Marlabs is a CMMI and SSAE 16 Type II certified
company. Our strong and flexible Process and Quality Management System (PQMS) that was developed
based on industry best practices and standards, such as SEI CMMI, ISO 9001:2000, ISO 27001, SAS,
PMBOK, and PCMM further exhibit our focus on quality.
CMMI
CMMI is a proven approach to performance management with decades of results showing
it works. Organizations using CMMI have predictable cost, schedule, and quality—
business results that serve as discriminators among their competitors. CMMI is built with
practices and goals seen in thousands of real organizations worldwide. CMMI provides
guidance for efficient, effective improvement across multiple process disciplines in an
organization.
It benefits the organization by providing a common, integrated vision of improvement. The
ultimate benefit is improved performance that means decreased costs, improved on-time
delivery, improved productivity, improved quality, and improved customer satisfaction.
CMMi Level 5
Marlabs is a CMMI Level 5 certified company. An assessment at maturity Level 5
demonstrates that Marlabs is functioning at an "optimizing" level, a level at which an
organization continually improves its processes based on a quantifiable understanding of
its performance requirements and business objectives.
CMMI Institute
Minority Business Enterprise (Issued: 9-4-2013)
The National Minority Supplier Development Council, Inc. ® (NMSDC®) provides a direct

3. Marlabs Inc © all rights reserved 2015. www.marlabs.com
link between corporate America and minority-owned businesses. NMSDC is one of the
country's leading business membership organizations. It was chartered in 1972 to provide
increased procurement and business opportunities for minority businesses of all sizes.
Marlabs is a Minority Business Enterprise certified by NMSDC. Their rigorous certification
process is considered the gold standard for certifying minority-owned businesses by
corporate America. The NMSDC Affiliate Regional Councils located throughout the country
are responsible for certifying businesses owned by Asian, Black, Hispanic and Native
American business owners using guidelines established by the National Minority Supplier
Development Council.
http://www.nmsdc.org
ISO 9001:2000
ISO 9001:2000 specifies requirements for a quality management system where an
organization needs to demonstrate its ability to consistently provide product that meets
customer and applicable regulatory requirements, and aims to enhance customer
satisfaction through the effective application of the system, including processes for
continual improvement of the system and the assurance of conformity to customer and
applicable regulatory requirements.
www.iso.org
SSAE-16.com
Statement on Standards for Attestation Engagements (SSAE) No. 16, Reporting on
Controls at a Service Organization, was finalized by the Auditing Standards Board of
the American Institute of Certified Public Accountants (AICPA) in January 2010.
SSAE 16 was drafted with the intention and purpose of updating the US service
organization reporting standard so that it mirrors and complies with the new
international service organization reporting standard – ISAE 3402.
Service organizations can receive significant value from having a SSAE 16
examination performed. A Service Auditor's Report with an unqualified opinion that is
issued by an Independent Auditing Firm differentiates the service organization from its

4. Marlabs Inc © all rights reserved 2015. www.marlabs.com
peers by demonstrating the establishment of control objectives and effectively
designed control activities. A Service Auditor's Report can also help a service
organization build trust with its user organizations
.
http://ssae16.com
HITRUST
Marlabs has been designated by the Health Information Trust Alliance (HITRUST) as a
Common Security Framework (CSF) Assessor. Marlabs is one of only a select few
companies nationwide to achieve CSF Assessor status, which allows it to perform
assessment and other services related to the CSF, the most widely adopted security
framework in the healthcare industry.
HITRUST CSF Assessors are the only organizations approved by HITRUST to perform
services associated with the HITRUST CSF Assurance Program. The CSF Assurance
Program provides multiple benefits to both healthcare organizations and their business
associates by offering a common and efficient approach to managing security
assessments associated with multiple and varied assurance requirements.
As a CSF Assessor, Marlabs is best positioned to help healthcare organizations
implement an effective information security management program that addresses
security and privacy threats appropriately and meets all applicable compliance
requirements.
http://www.hitrustalliance.net

5. Marlabs Inc © all rights reserved 2015. www.marlabs.com
ISO 27001
ISO 27001 is the specification for an Information Security Management System
(ISMS). The objective of the standard itself is to "provide a model for establishing,
implementing, operating, monitoring, reviewing, maintaining, and improving an
Information Security Management System". Its adoption was a strategic decision for
Marlabs. The standard defines its 'process approach' as "The application of a system
of processes within an organization, together with the identification and interactions of
these processes, and their management".
http://www.27000.org/iso-27001.htm