Security Is Not a Feature.
It’s Our Foundation.
Certyneo is built from the ground up to protect your most sensitive documents. Our security architecture, certifications, and operational practices exceed the requirements of the most regulated industries.
Certifications & Compliance
Independently audited and certified to the highest international standards.
SOC 2 Type II
Annual independent audit of our security, availability, and confidentiality controls. Our report is available to customers under NDA upon request.
ISO 27001
Certified information security management system covering all aspects of data handling, from employee onboarding to incident response and disaster recovery.
eIDAS Compliant
Fully compliant with the EU regulation on electronic identification and trust services. Supports advanced and qualified electronic signatures across all EU member states.
HIPAA Ready
Business Associate Agreements available. Technical, administrative, and physical safeguards meet or exceed HIPAA requirements for protected health information.
GDPR Compliant
Data processing agreements, EU-based data residency, privacy by design, right to erasure, data portability, and a dedicated Data Protection Officer.
21 CFR Part 11
Compliant electronic records and electronic signatures for FDA-regulated life sciences, pharmaceutical, and medical device companies.
Security Architecture
Defense in depth across every layer of the stack.
Infrastructure
Hosted on AWS with multi-region deployment, automatic failover, and a 99.99% uptime SLA. Infrastructure-as-code with immutable deployments and continuous monitoring.
Encryption
AES-256 encryption at rest with customer-managed keys available. TLS 1.3 for all data in transit. HSM-backed key management for digital signature certificates.
Access Control
Role-based access control (RBAC) with granular permissions. SSO via SAML 2.0 and OpenID Connect. Multi-factor authentication enforced for all accounts.
Audit Logging
Complete tamper-evident audit trail for every action. Immutable logs with cryptographic chaining. Exportable for SIEM integration and regulatory review.
Data Residency
Choose where your data lives: United States, European Union, or Asia-Pacific. Data sovereignty controls ensure documents never leave your designated region.
Penetration Testing
Annual third-party penetration tests by leading security firms. Continuous vulnerability scanning and a responsible disclosure program with a bug bounty.
Transparency Builds Trust
We believe in openness. Access our security documentation and compliance artifacts anytime.
Have Security Questions?
Our security team is happy to walk you through our architecture, certifications, and compliance posture.