See How Comply365 is Protecting Your Data
Security at Comply365
Core Principles Drive IT Security
Comply365’s information security program is designed to actively support the needs of our clients. We provide a high-security, high-availability platform while addressing all relevant industry, legal, and regulatory concerns.
To achieve this goal, we model our program based on three core principles:
- To maintain a feature-rich, highly secure environment
- To address the security, compliance, legal and regulatory mandates of our clients
- To operate a safe, highly available, fault-tolerant platform
As a Comply365 client, you can be confident that we select our infrastructure and security vendors carefully, including:
Comply365 Core IT Principles
Maintain a feature-rich, highly secure environment
Comply365’s cloud operations run in Microsoft Azure, a large-scale, secure cloud that gives us a solid foundation for security. We use Azure’s built-in security features to support our own security model and augment them with additional controls inside our own virtual environment. These controls include benchmark-based system hardening, centralized real-time security event management, strong encryption and key management, vulnerability testing, centralized and automated configuration management, multi-factor authentication, and more. Operating in Azure also lets us keep our systems patched promptly, so that they remain current.
To maintain a secure posture throughout the product lifecycle, our SDLC requires that all of our software code undergo automated scanning as well as manual review by personnel experienced and trained in secure coding techniques. We also regularly retire old code, avoiding the accumulation of technical debt that could otherwise weaken the security and reliability of the platform.
Address security, compliance, legal & regulatory mandates of our clients
Comply365 recognizes that our clients have explicit industry, legal, and regulatory requirements for security and compliance. Our cloud environment, Microsoft Azure, holds a wide range of compliance certifications, which we benefit from in operating our platform. Those certifications cover the underlying cloud infrastructure; the controls at the application and operations layers remain our own responsibility.
So we go beyond that. To give our clients the assurance they need, Comply365 is certified to ISO/IEC 27001, the international standard for information security management systems. Our clients can be confident that Comply365’s own operations are managed within a formal, independently audited security management framework.
Our clients often serve EU residents, for whom compliance with the General Data Protection Regulation (GDPR) is expected and required. Comply365 meets the requirements of GDPR as a data processor and offers all of our clients a standard data processing agreement (DPA) that complies with Article 28.
Operate a safe, highly available, fault-tolerant platform
Comply365 knows that our clients depend on a highly available environment, and we consider reliability and availability to be a mission-critical aspect of our security program. To that end, we maintain a hot-standby, geographically separated multi-region architecture designed so that no single failure disrupts operations. Our commitment to high availability is reflected in our recovery objectives: a recovery time objective (RTO) of 1 hour and a recovery point objective (RPO) of 15 minutes, meaning service is restored within an hour and no more than 15 minutes of data is lost.
Comply365 also relies on a mix of internal and external audits, automated and manual in-depth testing of all platform components, and comprehensive security event management to verify that our controls perform as intended. Role-based access control ensures that only personnel who need it have access to sensitive data. Recurring training maintains security awareness and expertise across the organization.
Comply365 Compliance Certifications
Comply365 takes threats to the availability, integrity, and confidentiality of our clients’ information seriously.
We comply with industry-accepted standards: