Compliance

We have a great Trust Program, but you want external validation. We understand. We validate our program annually with a third party audit to ensure we adhere to the highest standards. The third party will test our operations, procedures, policies, and controls to independently validate they are designed and operating effectively. We will share their reports when available.

ISO/IEC 27001:2013 (e) Certified

Resolver takes threats to the availability, integrity, and confidentiality of our clients’ information seriously.  As such, Resolver is an ISO/IEC 27001:2013 certified provider whose Information Security Management System (ISMS) has received third-party accreditation from the International Standards Organization.

ISO/IEC 27001:2013 is an information security management standard that specifies security management best practices and comprehensive security controls following the ISO/IEC 27002 best practice guidance. The basis of this certification is to establish, implement, maintain and continuously improve a thorough information security program. It also includes requirements for the assessment and treatment of information security risks tailored to the specific needs of the organization.

A-lign, an independent, third-party auditor, found Resolver to have technical controls in place and formalized IT Security policies and procedures. A-lign is an ISO / IEC 27001 certification body accredited by the ANSI-ASQ National Accreditation Board (ANAB) to perform ISMS 27001 certifications.  Resolver has implemented several security measures and countermeasures that protect it from unauthorized access or compromise and IT personnel were found to be conscientious and knowledgeable in best practices.

Compliance with this internationally recognized standard confirms that Resolver’s security management program is comprehensive and follows leading practices. The scope of our ISO/IEC 27001:2013 certification includes:

This certification demonstrates Resolver’s continued commitment to information security at every level and ensures you that the security of your data and information has been addressed, implemented, and properly controlled in all areas of our organization.

SOC 2 Type 2 Certified

Resolver is SOC 2 Type 2 certified! As part of the AICPA accreditation, an independent third-party examination report demonstrates how Resolver achieves key compliance controls and objectives covering all five Trust Service Principles: Security, Confidentiality, Processing Integrity, Availability, and Privacy.

We have completed a SOC2 Type 2 certification for:

  • Resolver Core
  • Perspective
  • GRC Cloud

To learn more, click here.

HIPAA-HITECH Audited

Resolver is pleased to announce that it is HIPAA and HITECH audited, designed to secure and protect critical healthcare data, and electronic personal health information and records.

Cloud Security Alliance - Security, Trust, and Assurance Registry

We have completed a Cloud Security Alliance (CSA) STAR Level 1 Questionnaire for:

They are available for download on the Cloud Security Alliance’s STAR Registry website. The CSA Security, Trust & Assurance Registry (STAR) is a free, publicly accessible registry that documents the security controls provided by various cloud computing offerings, thereby helping customers assess the security of cloud providers they currently use or are considering contracting with. We have completed the Cloud Security Alliance (CSA) Consensus Assessments Initiative Questionnaire (CAIQ). The latest version of the CAIQ, aligned to CSA’s Cloud Controls Matrix (CCM) v.3.0.1, provides an answer to over 300 questions a cloud customer or a cloud security auditor may wish to ask of a cloud provider.

Our Service Providers

A chain is only as strong as the weakest link. We hold our service providers to our same high standards. Our data centers and other key suppliers undergo regular SOC2 audits to validate their practices. We review these reports carefully and proactively address any areas of concern.