Certifications and Compliance
We undergo regular audits to demonstrate that we are meeting the highest standards.
SOC 2 Type 1 and Type 2 audited
Since 2021, Administrate has been SOC 2 Type 1 and Type 2 audited. You can request a copy of our latest SOC 2 report by contacting your account manager or sales engineer. The auditor’s opinion is unqualified, meaning that Administrate passed the audit with zero exceptions. A confirmation of the Audit is available here, and the full report available on request.
SOC 2 is an auditing procedure that ensures service providers, like Administrate, securely manage data, to protect their privacy of our customers. Our SOC 2 report covers a 12 month period, and is performed in the first quarter of each year. Our SOC 2 auditor is A-Lign, the world’s top SOC 2 report issuer.
ISO/IEC 27001:2022 Certified
Since 2018, Administrate has been ISO27001 Certified, download our latest certificate.
Administrate does not normally share the ISO27001 report externally, but is pleased to report that the auditors found no non-conformities.
ISO/IEC 27001 is a globally recognized standard helping organizations, like Administrate, to keep secure both their own information assets and those of their customers. An ISO27001 certification covers a three year period, but is assessed annually. Our ISO27001 auditor is A-Lign, an accredited certification body.
GDPR Compliance
Administrate is fully compliant with the GDPR and can support European organizations and organizations with data on EU citizens with adherence to GDPR best practices.
Our agreements with our customers contain specific language identifying how we process and control data on your behalf. In summary, Administrate clients are the nominated Data Controller, and Administrate is the nominated Data Processor.
We have performed data processing assessments and transfer risk assessments, further details can be found in the section about Data Subprocessors.
HIPAA Compliance
Our systems meet and exceed USA HIPAA requirements. We can sign a Business Associates Agreement with customers if required.