Security and Compliance

Symantec Extended Validation SSL

Certify uses Symantec SSL certificates. Symantec's Extended Validation SSL certificates are used for transport layer encryption throughout Certify. Our certificates use 2048-bit public keys, in compliance with the latest PCI DSS 3.1 requirements.

Verisign weekly vulnerability assessment
Verisign Logo

VeriSign's weekly vulnerability assessment tests check Certify for known problems that impact security. We ensure every test returns zero critical findings and zero informational findings.

ControlScan PCI Compliance

Certify is a Level 1 Compliant PCI Service Provider. Certify partners with ControlScan for quarterly and annual PCI compliance certification. ControlScan is a highly respected, trusted payment security and compliance firm. ControlScan is an Approved Scanning Vendor and a Qualified Security Assessor of the PCI Security Standards Council.

ControlScan Application Penetration Testing

Certify partners with ControlScan for annual authenticated (gray box) web application assessment that includes penetration and vulnerability testing. All findings are reported, mitigated and validated.

SSAE 16 Certified Data Centers
Rackspace - the open cloud company

Certify partners with Rackspace, the global leader in dedicated, private and hybrid cloud hosting. Rackspace is SSAE-16 SOC1, SOC2 and SOC3 Certified, ISO 27001 Certified, and European Union Safe Harbor Certified. Rackspace has a long history of SAS 70 Type II audits, before SAS 70 was retired in 2011.

Service Organization Control (SOC) Reports
SOC Logo

Certify has successfully completed its Service Organization Controls (SOC) Type 2 examination. The examination, conducted by independent accounting and auditing firm BerryDunn, evaluated the processes, procedures and controls for security, availability and confidentiality of Certify.