
Compliance Security FAQ

Written by Jovito Salem
Updated this week

Introduction

Your organization has decided to use Compliance to help it manage its Security Program efficiently. Compliance exists to help every part of a company improve security by automating and streamlining high-volume manual tasks. Things like clearance requests, foreign travel reports, and visit requests now all live in one easy-to-use place.


Our team has extensive experience in the security space and we know how sensitive your data is. Security is a core piece of everything we do, so we created this document as a quick introduction to the ways we keep your information safe.

What is Compliance?

Compliance is a security management software tool designed to automate and improve security compliance. Some of Compliance’s benefits include improved information sharing between the Security Team and cleared personnel, less time spent on manual paperwork, and easier completion of tasks assigned to you.

Importantly for you as a cleared individual, using Compliance will dramatically reduce the time required for routine activities supporting security clearances and classified projects.

Where is my data stored?

The Compliance application runs in Amazon Web Services GovCloud (US), a region designed to meet strict compliance requirements for national security, government financial, and government-related protected health information.

Because GovCloud is provisioned specifically for the type of data that Compliance stores, it is operated under government-defined compliance frameworks (including FedRAMP High and ITAR) that restrict physical and administrative access to the underlying infrastructure to vetted U.S. persons. GovCloud secures the infrastructure layer; access to the data inside the application is governed by the Compliance controls described in the next two sections. You can be confident that any information you store in Compliance is protected by state-of-the-art security controls.

How does Compliance protect my information?

Data security is accomplished via a combination of technical security measures and internal procedures. In terms of technical protection, beyond the security provided by AWS GovCloud, your Compliance data is encrypted in transit using TLS (HTTPS) and at rest using AES-256.

Compliance is audited annually as part of our SOC 2 program to verify that we execute the following policies and procedures to protect your data:

  • Employee background checks

  • Clean desk policy

  • Password policy

  • Incident Response Policy

  • Vendor management policy

  • Disaster recovery policy

  • Change management and version control policies

  • Logging and monitoring

  • Vulnerability scanning

  • Penetration testing

  • Risk monitoring and mitigation


Who can access my data?

At Compliance, we believe that sensitive customer data should stay sensitive. We employ strict access controls preventing anyone, including our own team, from accessing your information, and we never sell or share your information.

Data stored and collected in Compliance can be viewed only by you and your organization's security team. For more information, please see our product privacy policy.

How is Compliance audited?

Compliance undergoes annual third-party SOC 2 security audits and penetration testing to verify that our services and commitments meet stringent security requirements.

Securing a SOC 2 attestation enables a company to demonstrate the maturity of its information security program to its customers through an independent third-party review. It also validates the measures taken to ensure the security, confidentiality, and availability of customer data.

As of March 17, 2020, Compliance holds a SOC 2 attestation (SOC 2 is an independent auditor's attestation report rather than a certification). Throughout 2020, Compliance will undergo the additional Type 2 audit, which tests that the controls operated effectively over a period of time rather than only at a single point in time.

If you have any questions or concerns regarding this information, feel free to reach out to our team using the chat feature in the lower right hand corner.
