Continuum GRC Security
SaaS security at Continuum GRC is job one. All Continuum GRC customers benefit from a data center and network architecture built to satisfy the requirements of the most security-sensitive organizations. Continuum GRC cloud compliance enables our customers to understand the robust controls in place to maintain security and data protection in the cloud. As systems are built on top of AWS cloud and AWS GovCloud infrastructure, compliance responsibilities will be shared. By tying together governance-focused, audit-friendly service features with applicable compliance or audit standards, Continuum GRC compliance enablers build on traditional programs, helping customers to establish and operate in a Continuum GRC security control environment.
Compliance and Certifications
SOC 2 Type 2 Compliant
Continuum GRC publishes a Service Organization Controls 2 (SOC 2), Type II report. The SOC 2 report is an attestation report that expands the evaluation of controls to the criteria set forth by the American Institute of Certified Public Accountants (AICPA) Trust Services Principles. These principles define leading practice controls relevant to security, availability, processing integrity, confidentiality, and privacy applicable to service organizations such as Continuum GRC.
The AWS SOC 2 is an evaluation of the design and operating effectiveness of controls that meet the criteria for the security and confidentiality principles set forth in the AICPA’s Trust Services Principles criteria. This report provides additional transparency into Continuum GRC security and confidentiality based on a defined industry standard and further demonstrates Continuum GRC's commitment to protecting customer data. The Continuum GRC SOC 2 report includes AWS data centers in US East (Northern Virginia), US West (Oregon), US West (Northern California), AWS GovCloud (US) (Oregon), EU (Dublin), EU (Frankfurt), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), and South America (Sao Paulo) that support in-scope services.
PCI DSS Certified
General Data Protection Regulation (GDPR) Compliant
Contact Continuum GRC for Compliance Reports & Certifications