Validated Under Rigorous Industry Standards:
Confirmit’s operations undergo an annual comprehensive SOC 2 Type II (SSAE 18 / AT 101) examination by a highly reputable, AICPA-accredited firm (the full audit report is available to our clients). Our SaaS production environment, where client data is stored and processed, is ISO 27001 certified, SOC 2 Type II audited and PCI-DSS certified.

Partnering with the Best:
Your data is stored and processed on the SaaS platform you select, which we host with Rackspace in the USA, UK, and Australia. We also have cloud-based offerings hosted by Microsoft Azure in Canada and Germany.
Rackspace is recognized as the world’s leading managed hosting provider, and we have been partnering with them since 2004. Read more about Rackspace certifications at: https://www.rackspace.com/compliance
Microsoft Azure’s extensive global footprint allows us to localize your data to more geographic regions as well as provide improved response times for those localities. More information about Azure’s security, compliance and privacy may be found here: https://www.microsoft.com/en-us/trustcenter

Trust but Verify:
In addition to the comprehensive third-party SOC 2 Type II audits of our operations, Confirmit performs a battery of additional testing to ensure the effectiveness of our security posture. This includes weekly penetration testing by our information security team, which is validated by annual third-party penetration tests conducted by independent security professionals (McAfee). Confirmit also performs static code-scanning of the software we develop, which is validated by third-party white-hat application testing performed by highly trained cyber-security professionals (Veracode). We have always completed the third-party testing with the highest security grade available, “A”. Reports are made available to our customers.

HIPAA:
HIPAA regulations require that covered entities and their business associates enter into a business associate agreement (BAA) that ensures adequate protection of PHI by the business associate. Confirmit supports a number of HIPAA-compliant companies and is ready to enter into a BAA that meets your specific needs.

Misc:
For more details on our extensive security, including downloadable documents, please click here.
If you’d like to speak to us about our offerings, please contact your local Confirmit office.
If you want to submit a security-related bug, please follow the instructions here.