Compliance

Resolver has answered over 400 security questions — and you are only a few steps away from gaining in-depth access to Resolver’s independent third-party risk assessment.

Utilizing their strategic partners, Deloitte and KPMG, CyberGRX has validated and reported on their assessment of Resolver.

The CyberGRX assessment methodology identifies both inherent and residual risks. It uses near real-time threat analysis and independent evidence validation to provide customers with a holistic view of their third-party cyber risk posture. In addition to the assessment, you will have access to CyberGRX’s framework mapping functionality which allows you to download Resolver’s alignment to over 30 frameworks and threat profiles including, CAIQ, CMMC, NIST, and GDPR.

Learn more about the CyberGRX Risk Assessment.

Resolver takes threats to the  availability, integrity, and confidentiality of our clients’ information seriously.   As such, Resolver is an  ISO/IEC 27001:2013 certified  provider whose Information Security Management System (ISMS) has received third-party accreditation from the International Standards Organization.

ISO/IEC 27001:2013 is an information security management standard that specifies security management best practices and comprehensive security controls following the ISO/IEC 27002 best practice guidance. The basis of this certification is to establish, implement, maintain and continuously improve a thorough information security program. It also includes requirements for the assessment and treatment of information security risks tailored to the specific needs of the organization.

A-lign, an independent, third-party auditor, found Resolver to have technical controls in place and formalized IT Security policies and procedures. A-lign is an ISO / IEC 27001 certification body accredited by the ANSI-ASQ National Accreditation Board (ANAB) to perform ISMS 27001 certifications.   Resolver has implemented several security measures and countermeasures that protect it from unauthorized access or compromise and IT personnel were found to be conscientious and  knowledgeable  in best practices.

Compliance with this internationally recognized standard confirms that Resolver’s security management program is comprehensive and follows leading practices. The scope of our ISO/IEC 27001:2013 certification includes:

• ISO 27001 Certificate
• ISMS Scope

This certification demonstrates Resolver’s continued commitment to information security at every level and ensures you that the security of your data and information has been addressed, implemented, and properly controlled in all areas of our organization.

Resolver is SOC 2 Type 2 certified! As part of the AICPA accreditation, an independent third-party examination report demonstrates how Resolver achieves key compliance controls and objectives covering all five Trust Service Principles: Security, Confidentiality, Processing Integrity, Availability, and Privacy.

We have completed a SOC2 Type 2 certification for:

• Resolver Core
• Perspective
• GRC Cloud

To learn more, click here.

Resolver is pleased to announce that it is HIPAA and HITECH audited, designed to secure and protect critical healthcare data, and electronic personal health information and records.

We have completed a Cloud Security Alliance (CSA) STAR Level 1 Questionnaire for:

• Resolver Core
• Perspective
• GAL
• Risk Vision

They are available for download on the Cloud Security Alliance’s STAR Registry website. The CSA Security, Trust & Assurance Registry (STAR) is a free, publicly accessible registry that documents the security controls provided by various cloud computing offerings, thereby helping customers assess the security of cloud providers they currently use or are considering contracting with. We have completed the Cloud Security Alliance (CSA) Consensus Assessments Initiative Questionnaire (CAIQ). The latest version of the CAIQ, aligned to CSA’s Cloud Controls Matrix (CCM) v.3.0.1, provides an answer to over 300 questions a cloud customer or a cloud security auditor may wish to ask of a cloud provider.

A chain is only as strong as the weakest link. We hold our service providers to our same high standards. Our data centers and other key suppliers undergo regular SOC2 audits to validate their practices. We review these reports carefully and proactively address any areas of concern.