Security

Setting the Standard for Security
To illustrate Confirmation.com’s commitment to effective operational controls and to privacy and security best practices, we undergo all three Service Organisation Control (SOC) examinations every six months, have received an ISO 27001 certification for the service, and are TRUSTe Privacy Policy certified and EU Privacy Shield certified. Collectively, these provide assurance about the controls we implement to protect the privacy and confidentiality of our users' data and the security, availability, and processing integrity of our system.


SOC 1, SOC 2, and SOC 3 Examinations
SOC reports examine controls over the services provided by service organisations. There are three types of SOC reports, and to address our customers' varying needs, we complete all three SOC examinations.


  • Type 2 SOC 1—prepared in accordance with SSAE 16, reports on the design and operating effectiveness of controls relevant to user entities' internal control over financial reporting.
  • Type 2 SOC 2—reports on the design and operating effectiveness of controls that affect the security, availability and processing integrity of the system used to process users' data and the confidentiality and privacy of the information processed by the system.
  • SOC 3—reports on whether a system complies with specified Trust Services Principles and criteria.

ISO 27001 Certification
The Confirmation.com services are ISO 27001 certified. ISO 27001 is a globally recognised standard for the establishment and certification of an information security management system (ISMS). The standard specifies the requirements for establishing, implementing, operating, monitoring, maintaining and improving a documented ISMS within the context of an organisation's overall business risks.


Confirmation.com's ISMS covers its online audit confirmation service and infrastructure including data and data environments, servers, source code, and internal networks related to its Brentwood, Tennessee and Delray Beach, Florida offices.


TRUSTe Certification
Confirmation.com adheres to the Internet's most trusted third-party Privacy Certification Standards issued by TRUSTe. The TRUSTe Web Privacy seal marks companies that adhere to TRUSTe's strict privacy principles and that strive to treat customer information with the utmost respect.


EU Privacy Shield
Confirmation.com complies with the EU-US Privacy Shield Framework designed by the US Department of Commerce and European Commission. This provides companies on both sides of the Atlantic with a mechanism to comply with EU data protection requirements when transferring personal data from the European Union to the United States in support of transatlantic commerce.


General Data Protection Regulation (GDPR)
The GDPR aims primarily to give control back to EU residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation across the member states. Confirmation.com is committed to protecting its information and that of its customers. To achieve this goal, the company has implemented many controls to ensure compliance with GDPR.

