Security and Compliance

Have the tools and the strategy you need to maintain compliance and engage in real, human conversations with your customers.

The security of your data is our highest priority

We’re a company that takes data security and privacy very seriously. And, we realize that our information security practices are important to you, too. While we don’t like to expose too much detail around our practices (since that could enable the very people we’re protecting ourselves against), below you’ll find some general information to give you confidence in how we secure the data entrusted to us. As you engage with us, we’ll be more than happy to walk you through the details surrounding our security and compliance.

HIPAA

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a law that mandates privacy practices for businesses handling personally identifiable information. There’s no certification for HIPAA compliance, but we’ve completed the self-assessment as part of Cloud Security Alliance best practices.

ISO27001

We’ve created an Information Security & Management System in accordance with ISO 27001 guidelines. This security standard is a systematic approach to managing sensitive company information so that it remains secure, using a risk management process to evaluate people, processes, and IT systems.

SOC 2

We’ve completed a SOC 2 examination of our controls relevant to security, availability, processing integrity, confidentiality and privacy. We have a SOC 2 Type I report completed by an independent service auditor.

Shared Responsibility Model through AWS

The Sharpen platform is hosted in Amazon Web Services (AWS), and uses the Shared Responsibility Model. We commit to the responsibility of this model through continuous audits and corporate security policies addressing corporate, development and operational security. AWS engages with external certifying bodies and independent auditors to provide customers with considerable information about the policies, processes, and controls established and operated by AWS. AWS is FedRAMP and HIPAA compliant, ISO 9001 and ISO 27001 certified, PCI DSS Level 1 Compliant, and publishes a SOC Type II report.

GDPR

Because GDPR is a law, there isn’t a formal certification process. For full details on how we comply, check out our privacy policy. Or, here’s an overview of how we comply:

  • Conducting privacy impact assessments in which we inventory our data assets;
  • Designating a Data Protection Officer;
  • Addressing privacy policy changes (opt-in);
  • Honoring data subject rights, including the right to be forgotten;
  • Conducting periodic assessments to establish the extent to which our security policies and procedures meet the requirements.

PCI

We provide PCI-compliant functionality for payments in the platform through Sharpen Payments. We have an attestation of compliance from a qualified third-party service assessor. While you remain the owner of your data, our data processing agreement and protection policy detail that we’ll be a responsible steward of it and work with you to maintain compliance with your regulations.