Compliance & Certifications
We maintain numerous security certifications, and our solutions meet rigorous international security and privacy standards, as validated by external auditors.
PCI-DSS & PCI PA-DSS
The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organizations that handle credit cards from the major card schemes including Visa®, MasterCard®, American Express®, Discover®, and JCB (“Card Schemes”). PCI DSS is mandated by the Card Schemes and administered by the Payment Card Industry Security Standards Council. PCI DSS was created to increase controls around cardholder data to reduce credit card fraud. Validation of compliance is performed annually: for organizations handling large volumes of transactions, by an external qualified security assessor (QSA) or a firm-specific internal security assessor (ISA), who creates a report on compliance (ROC); for companies handling smaller volumes, by self-assessment questionnaire (SAQ).
The Payment Application Data Security Standard (PA-DSS), formerly referred to as the Payment Application Best Practices (PABP), is the global security standard created by the Payment Card Industry Security Standards Council (PCI SSC). PA-DSS was implemented in an effort to provide the definitive data standard for service providers that develop payment applications. PA-DSS aims to prevent customer-hosted payment applications from storing prohibited secure data. PA-DSS also dictates that software vendors develop payment applications that are compliant with the Payment Card Industry Data Security Standard (PCI DSS).
A Service Organization Control (SOC) 1 audit, intended for CPA firms that audit financial statements, evaluates the effectiveness of internal controls that affect the financial reports of a client using a service provider’s cloud solutions. The Statement on Standards for Attestation Engagements (SSAE 16) and the International Standards for Assurance Engagements No. 3402 (ISAE 3402) are the standards under which a SOC 1 audit is performed and the basis of a SOC 1 report. The Type II designation ensures that the controls have been in place over a period of time from six months to one year.
A Service Organization Control (SOC) 2 audit gauges the effectiveness of a service provider’s system or applications, based on the AICPA Trust Service Principles (security, availability, processing integrity, confidentiality, and privacy). The Type II designation ensures that the controls have been in place over a period of time from six months to one year.
HIPAA is an acronym for the Health Insurance Portability and Accountability Act. HIPAA is the group of codes and regulations that define the treatment of protected health information (PHI) when a covered entity (healthcare organization) provides PHI to a vendor (business associate).
The Sarbanes-Oxley Act of 2002 (often shortened to SarbOx or SOX) protects shareholders and the general public from accounting errors and fraudulent practices in publicly traded companies, while also improving the accuracy of corporate disclosures.