Whatfix
Compliances (12)
Here are the compliance frameworks that Whatfix follows which showcases our adherence to industry-standard security guidelines and practices.
SOC 2
Compliant
SOC 2 is a voluntary compliance standard for service organizations, developed by the American Institute of CPAs (AICPA), which specifies how organizations should manage customer data. The standard is based on the following Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy.
ISO 27001
Compliant
A globally recognized standard for establishing, implementing, maintaining, and continually improving an information security management system (ISMS).
ISO 27701
Compliant
ISO 27701 is an extension of ISO 27001 and ISO 27002 for privacy information management. It helps organizations comply with global privacy regulations by providing a framework for managing personal data.
ISO 27017
Compliant
ISO 27017 is a standard providing guidelines for information security controls applicable to the provision and use of cloud services. It helps organizations ensure secure cloud services by implementing these best practices.
ISO 27018
Compliant
ISO 27018 is a standard focusing on protecting personal data in the cloud. It sets out guidelines to ensure cloud service providers implement robust privacy and data security measures.
GDPR
Compliant
The General Data Protection Regulation, a comprehensive data protection law in the EU, governs how organizations must protect personal data and privacy.
HIPAA
Compliant
The Health Insurance Portability and Accountability Act, a U.S. law that mandates standards for protecting sensitive patient health information.
CPRA (formerly CCPA)
Compliant
The California Consumer Privacy Act provides data privacy rights to California residents, allowing them control over how their personal information is collected and used.
HITRUST
Compliant
CSA Star
Compliant
The Cloud Security Alliance Security, Trust, Assurance, and Risk (STAR) program is a certification for cloud service providers, focusing on transparency and rigorous security controls.
TISAX
Compliant
Trusted Information Security Assessment Exchange (TISAX) is a security standard for the automotive industry. It ensures that organizations comply with industry-specific data security requirements.
Cyber Essentials Plus
Compliant
A UK government-backed certification that offers a higher level of assurance, requiring a hands-on technical verification of cybersecurity practices.
