If you handle information on behalf of other organisations (your customers) then you may be asked to produce a risk management compliance statement.
Typical service providers that handle information on behalf of other organisations:
- outsourced information systems provides
- financial advisers
- business process outsources
The most universal standard for information systems risk management is ISO/IEC 27001. There is also the SSAE16/ISAE3402 (formerly SAS70) standards.
As your system is based on ibCom mydigitalstructure, you can use the ibCom Statement of Applicability (SOA) to ISO/IEC 27001 as the basis for your own SOA - similar to how ibCom uses the Amazon Web Services SOA.
Each statement is layered on top of the next to build the trust for the customer.