Compliance

We have a great Trust Program, but you want external validation. We understand. We validate our program annually with a third-party audit to ensure we adhere to the highest standards. The third party will test our operations, procedures, policies, and controls to independently validate they are designed and operating effectively. We will share their reports when available.

Third-Party Risk Assessment from CyberGRX

Resolver has answered over 400 security questions — and you are only a few steps away from gaining in-depth access to Resolver’s independent third-party risk assessment.

Utilizing their strategic partners, Deloitte and KPMG, CyberGRX has validated and reported on their assessment of Resolver.

The CyberGRX assessment methodology identifies both inherent and residual risks. It uses near real-time threat analysis and independent evidence validation to provide customers with a holistic view of their third-party cyber risk posture. In addition to the assessment, you will have access to CyberGRX’s framework mapping functionality, which allows you to download Resolver’s alignment to over 30 frameworks and threat profiles, including CAIQ, CMMC, NIST, and GDPR.

Learn more about the CyberGRX Risk Assessment.

Request access to the CyberGRX Risk Assessment for Resolver

ISO/IEC 27001:2013 and ISO/IEC 27017:2015 Certified

Resolver takes threats to the availability, integrity, and confidentiality of our clients’ information seriously. As such, Resolver is an ISO/IEC 27001:2013 and ISO 27017:2015 certified provider whose Information Security Management System (ISMS) has received third-party accreditation from the International Standards Organization.

ISO/IEC 27001:2013 is an information security management standard that specifies security management best practices and comprehensive security controls following the ISO/IEC 27002 best practice guidance. The basis of this certification is to establish, implement, maintain, and continuously improve a thorough information security program. It also includes requirements for the assessment and treatment of information security risks tailored to the specific needs of the organization.

ISO/IEC 27017:2015 is a security standard developed for cloud service providers and users to make a safer cloud-based environment and reduce the risk of security problems.

A-lign, an independent, third-party auditor, found Resolver to have technical controls in place and formalized IT Security policies and procedures. A-lign is an ISO/IEC 27001 certification body accredited by the ANSI-ASQ National Accreditation Board (ANAB) to perform ISMS 27001 certifications. Resolver has implemented several security measures and countermeasures that protect it from unauthorized access or compromise, and IT personnel were found to be conscientious and knowledgeable in best practices.

Compliance with this internationally recognized standard confirms that Resolver’s security management program is comprehensive and follows leading practices. The scope of our ISO/IEC 27001:2013 certification includes:

This certification demonstrates Resolver’s continued commitment to information security at every level and assures you that the security of your data and information has been addressed, implemented, and properly controlled in all areas of the organization.

ISO/IEC 27701:2019 Certified

Resolver is committed to maintaining the accuracy, confidentiality, and security of its customers’ Personally Identifiable Information (PII). As part of this commitment, Resolver maintains a Privacy Information Management System (PIMS) that is ISO/IEC 27701:2019 certified.

ISO/IEC 27701:2019 is a Data Privacy standard that specifies requirements and provides guidance for establishing, implementing, maintaining and continually improving the PIMS.

SOC 2 Type 2 Certified

Resolver is SOC 2 Type 2 certified! As part of the AICPA accreditation, an independent third-party examination report demonstrates how Resolver achieves key compliance controls and objectives covering all five Trust Service Principles: Security, Confidentiality, Processing Integrity, Availability, and Privacy.

We have completed a SOC 2 Type 2 certification for:

  • Resolver Core
  • Perspective
  • GRC Cloud

Cloud Security Alliance - Security, Trust, and Assurance Registry

We have completed a Cloud Security Alliance (CSA) STAR Level 1 Questionnaire for:

They are available for download on the Cloud Security Alliance’s STAR Registry website. The CSA Security, Trust & Assurance Registry (STAR) is a free, publicly accessible registry that documents the security controls provided by various cloud computing offerings, thereby helping customers assess the security of cloud providers they currently use or are considering contracting with. We have completed the Cloud Security Alliance (CSA) Consensus Assessments Initiative Questionnaire (CAIQ). The latest version of the CAIQ, aligned to CSA’s Cloud Controls Matrix (CCM) v.4.0.3, provides an answer to over 300 questions a cloud customer or a cloud security auditor may wish to ask of a cloud provider.

Whistic

Whistic’s third-party risk management platform supports Company and Product Profiles, which include a series of industry-standard questionnaires that detail common security, compliance, operational, and organizational controls.

Click the link below to request access to Resolver’s Whistic Security Profile. This profile contains all of Resolver’s compliance program certifications and reports (ISO 27001, ISO 27017, ISO 27701, and SOC 2 Type 2 under NDA), the most popular and recognized industry-specific prepopulated questionnaires (CSA/CAIQ 4.0.x), and additional helpful information to understand Resolver’s approach to Information Security, Compliance, HR, and other aspects of company activity.

Resolver Security Profile

Our Service Providers

A chain is only as strong as the weakest link. We hold our service providers to our same high standards. Our data centers and other key suppliers undergo regular SOC 2 audits to validate their practices. We review these reports carefully and proactively address any areas of concern.