Regulatory Excellence

Compliance Center

Your comprehensive resource for understanding our certifications, regulatory compliance, and commitment to industry-leading security standards.

ISO 27001
SOC 2 Type II
NIST CSF
5+ Active Certifications
100% Audit Pass Rate
0 Critical Findings
24/7 Compliance Monitoring
Certifications

Industry Certifications

We maintain the highest standards through rigorous third-party audits and certifications.

Active

ISO 27001:2022

Information Security Management System

Our ISMS is certified to the latest ISO 27001:2022 standard, demonstrating our commitment to systematic management of sensitive company and customer information.

Certification Body: BSI Group
Valid Until: December 2027
Scope: All Operations
Active

SOC 2 Type II

Trust Service Criteria

Annual SOC 2 Type II audits verify our controls for security, availability, processing integrity, confidentiality, and privacy over an extended period.

Auditor: Deloitte
Report Period: 12 Months
Trust Criteria: All Five
Compliant

NIST Cybersecurity Framework

CSF 2.0 Implementation

Our security program is aligned with NIST CSF 2.0, implementing comprehensive controls across Identify, Protect, Detect, Respond, Recover, and Govern functions.

Version: CSF 2.0
Tier Level: Tier 4 - Adaptive
Assessment: Annual
In Progress

CMMC Level 2

Cybersecurity Maturity Model Certification

We are actively pursuing CMMC Level 2 certification to serve Department of Defense contractors and handle Controlled Unclassified Information (CUI).

Target Level: Level 2
Expected Date: Q2 2026
Progress: 75% Complete
Regulatory

Regulatory Compliance

We maintain compliance with applicable federal, state, and international regulations.


GDPR

General Data Protection Regulation

Compliant
  • Data subject rights honored
  • Privacy by design implemented
  • DPA available upon request

CCPA/CPRA

California Consumer Privacy Act

Compliant
  • Consumer rights supported
  • Opt-out mechanisms in place
  • Annual risk assessments

HIPAA

Health Insurance Portability & Accountability

BA Ready
  • Business Associate Agreements
  • PHI safeguards implemented
  • Security risk analysis

PCI DSS

Payment Card Industry Data Security

Compliant
  • Secure payment handling
  • Quarterly vulnerability scans
  • Annual SAQ completion

GLBA

Gramm-Leach-Bliley Act

Ready
  • Safeguards Rule compliance
  • Financial data protection
  • Risk management program

State Privacy Laws

Multi-State Compliance

Compliant
  • Virginia VCDPA
  • Colorado CPA
  • Connecticut CTDPA
Controls

Security Controls & Frameworks

Our security program implements controls from multiple recognized frameworks.

CIS Critical Security Controls

We implement the Center for Internet Security's prioritized set of actions to protect organizations from the most pervasive cyber attacks.

Implementation Group 1: 100%
Implementation Group 2: 100%
Implementation Group 3: 92%

MITRE ATT&CK Coverage

Our detection capabilities are mapped to the MITRE ATT&CK framework for comprehensive threat coverage.

Initial Access
Execution
Persistence
Defense Evasion
Exfiltration
Trust

Trust Center

Access compliance documentation and request security assessments.


Documentation

Request access to our compliance documentation, including SOC 2 reports, penetration test summaries, and security questionnaire responses.

Request Documents →

Security Assessments

Request a security assessment or vendor risk questionnaire completion. We support SIG, CAIQ, HECVAT, and custom questionnaires.

Request Assessment →

Agreements

Access our standard Data Processing Agreement (DPA), Business Associate Agreement (BAA), and other contractual documents.

Request Agreement →

Status Page

Monitor real-time system status, scheduled maintenance, and historical uptime metrics for all Syntrix Security services.

View Status →
FAQ

Compliance Questions

Common questions about our compliance program.

How can I obtain a copy of your SOC 2 report?

SOC 2 reports are available under NDA. Please contact our compliance team at compliance@syntrixsecurity.com to request a copy.

Do you sign Business Associate Agreements?

Yes, we provide BAAs for customers who require HIPAA compliance. Our standard BAA is available upon request.

Where is my data stored?

All customer data is stored in SOC 2 certified data centers located within the United States. We use Cloudflare for CDN and edge services.

How often are penetration tests conducted?

We conduct third-party penetration tests annually, with additional testing after significant changes. Executive summaries are available upon request.

What security questionnaires do you support?

We support SIG, SIG Lite, CAIQ, HECVAT, VSAQ, and custom questionnaires. Typical turnaround is 5-7 business days.

How do you handle security incidents?

We have a documented incident response plan with 24/7 monitoring. Customers are notified of confirmed incidents affecting their data within 72 hours.

Need Compliance Assistance?

Our compliance team is ready to help with your security and regulatory requirements.