Compliance

PCI DSS Level 1 Certified

Some of the most critical moments in web user experience occur when an end user is providing sensitive financial and personal information. Delivering the fastest performance possible while maintaining security and compliance during this time is critical. eCommerce, enterprise, and financial sites, including their infrastructure and backend systems, are subject to a comprehensive set of controls and policies, defined by the Payment Card Industry Data Security Standard (PCI DSS), to ensure sensitive credit cardholder information is secure at all times. As a critical part of the application delivery chain, Instart's service is PCI compliant, certified by an external PCI-certified security assessor to PCI Level 1 – the highest level of PCI compliance possible.

To attain this level of compliance, Instart maintains a separate environment within our service. This dedicated environment uses the same powerful client-cloud platform that powers the rest of the Instart service. This dedicated environment is then subject to the stringent change controls, limited access, lockdown procedures, and enhanced monitoring specified by the PCI DSS. This allows our customers to gain end-to-end PCI compliance from their backend systems and through our Digital Experience Management Platform systems. Our PCI Level 1-compliant environment provides all the same powerful capabilities as the standard service, and allows us to meet the unique needs of our eCommerce, enterprise, and financial customers.

PCI Attestation of Compliance is available on request.

SOC 2 Type II Certified

SOC is an acronym for “system and organization controls,” a set of standards designed to measure how well a given service organization handles and controls its information. The purpose of SOC standards is to provide confidence and peace of mind for organizations when they engage third-party vendors. A SOC-certified organization has been audited by an independent certified public accountant who determined that the firm has the appropriate SOC safeguards and procedures in place.

SOC 2 reports build on the financial reporting basis of SOC 1 and additionally require standard operating procedures for organizational oversight, vendor management, risk management, and regulatory oversight. SOC 2 certification is appropriate for managed IT service providers (MSPs), cloud computing vendors, data centers, and SaaS (software-as-a-service) companies. The SOC 2 framework includes five key sections, forming a set of criteria called the Trust Services Principles. These include:

  • the security of the service provider’s system
  • the processing integrity of this system
  • the availability of this system
  • the privacy of personal information that the service provider collects, retains, uses, discloses and disposes of for user entities
  • the confidentiality of the information that the service provider’s system processes or maintains for user entities

SOC 2 Type II attestation is available on request.