Continuum GRC Security

SaaS security at Continuum GRC is job one. All Continuum GRC customers benefit from a data center and network architecture built to satisfy the requirements of the most security-sensitive organizations. Continuum GRC cloud compliance enables our customers to understand the robust controls in place to maintain security and data protection in the cloud. Because our systems are built on top of AWS cloud and AWS GovCloud infrastructure, compliance responsibilities are shared. By tying together governance-focused, audit-friendly service features with applicable compliance or audit standards, Continuum GRC compliance enablers build on traditional programs, helping customers to establish and operate in a Continuum GRC security control environment.

Compliance and Certifications

Continuum GRC environments are continuously audited, with certifications from accreditation bodies across geographies and verticals. In the Continuum GRC environment, take advantage of automated tools for asset inventory and privileged access reporting.

SOC 2 Type 2 Compliant

Continuum GRC publishes a Service Organization Controls 2 (SOC 2), Type II report. The SOC 2 report is an attestation report that expands the evaluation of controls to the criteria set forth by the American Institute of Certified Public Accountants (AICPA) Trust Services Principles. These principles define leading practice controls relevant to security, availability, processing integrity, confidentiality, and privacy applicable to service organizations such as Continuum GRC.

The AWS SOC 2 is an evaluation of the design and operating effectiveness of controls that meet the criteria for the security and confidentiality principles set forth in the AICPA’s Trust Services Principles criteria. This report provides additional transparency into Continuum GRC security and confidentiality based on a defined industry standard and further demonstrates Continuum GRC's commitment to protecting customer data. The Continuum GRC SOC 2 report includes AWS data centers in US East (Northern Virginia), US West (Oregon), US West (Northern California), AWS GovCloud (US) (Oregon), EU (Dublin), EU (Frankfurt), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), and South America (Sao Paulo) that support in-scope services.

PCI DSS Certified

Continuum GRC is compliant under the Payment Card Industry (PCI) Data Security Standard (DSS). Customers can run Continuum GRC applications on our PCI-compliant technology environment for storing, processing, and transmitting credit card information in the cloud. In February 2013, the PCI Security Standards Council released the PCI DSS Cloud Computing Guidelines. These guidelines provide guidance to those who are managing a cardholder data environment, with considerations for maintaining PCI DSS controls in the cloud.
 
The Continuum GRC PCI compliance package includes the Continuum GRC PCI Attestation of Compliance (AoC), which shows that Continuum GRC has been successfully validated against standards applicable to a service provider under PCI DSS Version 3.2, and the Continuum GRC PCI Responsibility Summary, which explains how compliance responsibilities are shared between Continuum GRC, AWS and our customers in the cloud. The Continuum GRC PCI DSS certification includes AWS data centers in US East (Northern Virginia), US West (Oregon), US West (Northern California), AWS GovCloud (US) (Oregon), EU (Frankfurt), EU (Ireland), Asia Pacific (Singapore), Asia Pacific (Tokyo), Asia Pacific (Sydney), and South America (Sao Paulo) that support in-scope services.

HIPAA Compliant

Continuum GRC enables covered entities and their business associates subject to the U.S. Health Insurance Portability and Accountability Act (HIPAA) to leverage the secure Continuum GRC and AWS environment to process, maintain, and store protected health information. Additionally, Continuum GRC, as of December 2015, is able to sign business associate agreements (BAA) with such customers.
 
The Continuum GRC HIPAA compliance scope includes AWS data centers in US East (Northern Virginia), US West (Oregon), US West (Northern California), AWS GovCloud (US) (Oregon), EU (Dublin), EU (Frankfurt), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), and South America (Sao Paulo) that support in-scope services.

General Data Protection Regulation (GDPR) Compliant

Continuum GRC is independently assessed to verify our compliance with the General Data Protection Regulation (GDPR), demonstrating our commitment to maintaining the security and privacy that protect your data and confidential information everywhere in the world.
 
The Continuum GRC GDPR compliance scope includes AWS data centers in US East (Northern Virginia), US West (Oregon), US West (Northern California), AWS GovCloud (US) (Oregon), EU (Dublin), EU (Frankfurt), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), and South America (Sao Paulo) that support in-scope services.

Contact Continuum GRC for Compliance Reports & Certifications

You can request the reports and certifications produced by our third-party auditors that attest to the design and operating effectiveness of the Continuum GRC environment. Report and certification requests can be made through a Continuum GRC account representative.

Security Benefits

As an AWS customer, we inherit all the best practices of AWS policies, architecture, and operational processes built to satisfy the requirements of our most security-sensitive customers. We get the flexibility and agility needed in security controls.