California Consumer Privacy Act
The California Consumer Privacy Act (CCPA) is a state law passed in 2018 and designed to give consumers more control over the personal information that businesses collect about them. Its rights include knowing what information is collected, knowing how it is used and shared, being able to delete collected information (with some exceptions), being able to opt out of the sale of personal information, and being free from discrimination for exercising CCPA rights.
FedRAMP
The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. Any cloud service that holds federal data must be FedRAMP Authorized. FedRAMP prescribes the requirements and process cloud service providers must follow in order for the government to consume their service.
FISMA
The Federal Information Security Management Act (FISMA) is a United States federal law passed in 2002 that made it a requirement for federal agencies to develop, document, and implement an information security and protection program. Though FedRAMP and FISMA are both built on the foundation of NIST 800-53, they have different objectives.
FISMA offers guidelines to government agencies on how to ensure data is protected, while FedRAMP offers guidelines to agencies adopting cloud service providers on how to protect government data.
GDPR
The General Data Protection Regulation (GDPR) is a European Union privacy law that took effect on May 25, 2018. It increases restrictions on what organizations can do with your data, and it extends the rights of individuals to access and control data about themselves.
ISO27001
ISO/IEC 27001:2013 (also known as ISO27001) is the international standard that sets out the specification for an information security management system (ISMS). Its best-practice approach helps organizations manage their information security by addressing people and processes as well as technology.
SOC2
SOC 2 is an auditing procedure that ensures your service providers securely manage your data to protect the interests of your organization and the privacy of its clients. For security-conscious businesses, SOC 2 compliance is a minimal requirement when considering a SaaS provider.
Swiss-U.S. Privacy Shield
The Swiss-U.S. Privacy Shield Framework was designed by the U.S. Department of Commerce and the Swiss Administration to provide companies on both sides of the Atlantic with a method to comply with data protection requirements when transferring personal data from Switzerland to the United States in support of transatlantic commerce.