Compliance

Exclaimer are leaders in compliance and standards. We regularly undergo third-party, independent reviews of our systems, processes and policies to ensure that we meet the highest standards.

SOC 2 is an independently audited assurance report that demonstrates how effectively an organization safeguards the privacy and security of customer and client data.

ISO/IEC 27001 is an international standard for an information security management system. The standard adopts a process-based approach for establishing, implementing, operating, monitoring, maintaining, and improving the security of your system.

ISO/IEC 27018 is the international standard for protecting personal information in cloud storage.

HIPAA is a regulation developed by the U.S. Department of Health and Human Services designed to protect the privacy and security of an individual’s Protected Health Information (PHI).

Cyber Essentials is the UK government-backed cyber security certification designed to protect your business, organization, or supplier from cyber threats.

The General Data Protection Regulation (EU) 2016/679 was implemented on May 25, 2018, affecting all companies that process personal data of European Union (EU) and European Economic Area (EEA) citizens.

Built upon existing Cloud Security Alliance programs, the Trusted Cloud Provider program allows organizations to demonstrate their commitment to holistic security and serves as a reference point for customers looking to identify cloud providers that are aligned with their security requirements.

The CSA STAR Certification is a framework laid out by the leading cloud security organisation, enabling cloud service providers to demonstrate to customers security practices against a standardized control matrix.

The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for the handling of credit card information.

The Australian Cyber Security Centre (ACSC) develops strategies to help businesses mitigate the risks of cyber security incidents.

CCPA is a California law giving residents control over their personal information, including the right to know, delete, and opt out of sale. It requires companies to disclose data collection practices and applies to businesses in California.

SOC 2 Type II

Exclaimer has received the SOC 2 Type II attestation report that tested the operating effectiveness of Exclaimer’s global systems and operations for the Trust Services Principles for Security, Availability and Confidentiality. This report is available on request to prospects that sign an appropriate NDA and to existing customers under their service agreement confidentiality.

A SOC 2 report ensures that Exclaimer keeps data private and secure while processing or storing it, that data is always accessible and that specific controls are implemented to keep customer data confidential and private.

SOC 2 Type II is the more advanced of two levels of attestation available against the SOC 2 standard. It not only describes and confirms that Exclaimer’s systems and controls meet the criteria set at a point in time, but extends to monitoring continuous compliance with the Trust Principles.

ISO/IEC 27001

The ISO/IEC 27001 Certification is an international standard on how to manage information security. Providing requirements for an information security management system (ISMS), the ISO/IEC 27001 Certification means third-party accredited independent auditors regularly perform thorough assessments to confirm it operates in alignment with ISO security standards. The standard adopts a process-based approach for establishing, implementing, operating, monitoring, maintaining, and improving your ISMS.

Exclaimer has a comprehensive set of information security policies that are based on the ISO/IEC 27001 information security standard and has been accredited since 2016 by the BSI (British Standards Institution), the gold standard for ISO compliance requirements.

Don’t just take our word for it though. Our partner Vanta actively monitors our compliance and makes our status public via our Trust Report.

ISO/IEC 27018

ISO/IEC 27018 is an addition to the ISO/IEC 27001 Standard which adds over 50 new control objectives, specific to helping cloud service providers store and process Personally Identifiable Information (PII) securely. ISO/IEC 27018 specifies detailed requirements and guidelines for data processors that cover the storage, processing, and maintenance of PII in public cloud environments, as well as outlining users’ rights relating to their data.

HIPAA

The HIPAA Security Rule was established to protect individuals’ health information and ensure the security, integrity, and confidentiality of this data. HIPAA applies to healthcare providers, health plans, and healthcare clearinghouses, as well as other third parties, known as “Business Associates”, that create, receive, maintain, or send PHI.

In order to enable our customers to utilize our service while being sure of our HIPAA compliance, Exclaimer has undergone a thorough third-party review of our policies and procedures which includes:

  • Security measures for protecting PHI
  • Assessments for reasonable remediation or mitigating controls of addressable HIPAA Security Rules
  • Regular review and retention of HIPAA Security policies and procedures by an independent third party
  • Security awareness training regarding the protection of ePHI
  • The designation of a HIPAA Security Officer.

Customers who are subject to HIPAA compliance must enter into a Business Associate Agreement (BAA). For more information on the signed BAA, please contact us.

Cyber Essentials

Cyber Essentials is the UK government-backed cyber security certification designed to protect your business, organization, or supplier from cyber threats. Achieving this certification demonstrates Exclaimer’s alignment with the five main Technical Security Controls, proving that our business is safe and secure.

CSA Trusted Cloud Provider

Built upon existing Cloud Security Alliance programs, the Trusted Cloud Provider program allows organizations to demonstrate their commitment to holistic security and serves as a reference point for customers looking to identify cloud providers that are aligned with their security requirements.

To be certified, Exclaimer have proved that we have a current entry in the CSA STAR registry. We have at least one current member of staff who has achieved the CSA Certificate of Cloud Security Knowledge (CCSK). We are a corporate member of Cloud Security Alliance and we volunteer regularly for CSA for activities such as research working groups, chapter events, blog posts and other work for the common good.

The Trusted Cloud Provider program extends the credibility of organizations on the STAR registry by showing their extended commitment to holistic security through training/education and contributing to the community through volunteering and cloud security evangelism.

Cloud Security Alliance

The CSA is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. Its mission is to "promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing."

The CSA STAR Certification is an assurance framework, enabling cloud service providers to embed cloud-specific security controls. The technology-neutral certification leverages the requirements of the ISO/IEC 27001 management system standard together with the CSA’s Cloud Controls Matrix.

Exclaimer is also a Corporate Member of the CSA, placing it in the company of an elite set of organizations that have shown dedication to the best cloud security practices.

GDPR

The General Data Protection Regulation (EU) 2016/679 was implemented on May 25, 2018, affecting all companies that process personal data of European Union (EU) and European Economic Area (EEA) citizens.

Exclaimer is fully committed to EU GDPR compliance across all our products and services, and is regularly audited to ensure total compliance with this regulation. Post-Brexit, the UK also maintains an equivalent data protection regime that came into effect on January 1, 2021.

Our Data Processing Agreement can be found within our EULA.

PCI DSS

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that ALL companies that accept, process, store or transmit credit card information maintain a secure environment.

Exclaimer’s online store, store.exclaimer.com, is tested quarterly to see if it meets PCI data security requirements. This ensures that high security standards are maintained, protecting credit card and other sensitive data.

ACSC

The Australian Cyber Security Centre (ACSC) has developed prioritised mitigation strategies, in the form of the Strategies to Mitigate Cyber Security Incidents, to help organizations mitigate cyber security incidents caused by various cyber threats. The most effective of these are known as the Essential Eight.

To help your organisation rate Exclaimer against the Essential Eight, we have put together a report outlining our maturity against the objectives.

CCPA

CCPA stands for the California Consumer Privacy Act. It is a law in California that gives residents of the state more control over their personal information. This includes the right to know what personal information is being collected about them, the right to request that their personal information be deleted, and the right to opt-out of the sale of their personal information.

Meet the team

"Security and Reliability are the most important features a product can have, they are key to building trust with customers. Through a multi-layered system of automated, intelligent threat detection and protection tools we ensure that these two features are the cornerstones of our product."

Matt Hodge

Director Technical Operations

Our Partners

We partner with select organizations to help increase our security and trust.
