Secure by Design.
Secure by Default.
We are committed to building security into everything we do.
By integrating proactive, risk-based security measures from the outset, we aim to protect our organization, partners, and customers from evolving threats and vulnerabilities.
Pexip holds the following certifications
ISO/IEC 27001
Overview of Pexip's ISO 27001 Certification
Pexip has implemented applicable technical and organisational measures cemented in an Information Security Management System (ISMS) compliant and certified under ISO/IEC 27001:2022. This certification includes additional security controls for cloud service providers specified in ISO/IEC 27017:2015 as well as additional privacy controls from ISO/IEC 27018:2019 for service providers acting as processors of personal data or personally identifiable information (PII) on assessing risks and implementing applicable controls for protecting PII.
Pexip’s achievement of ISO/IEC 27001:2022 certification is a fundamental component of Pexip’s mission to be seen as reliable and trustworthy amongst our customers from both a security and compliance standpoint. Pexip is audited once a year for compliance by a third-party accredited certification body, providing independent validation that our security controls are in place and operating effectively. As of November 2024, Pexip has transitioned to the 2022 version of the ISO 27001 standard.
ISO/IEC 27701
Overview of Pexip's ISO 27701 Certification
Pexip has implemented applicable data protection measures cemented in a Privacy Information Management System (PIMS) compliant and certified under ISO/IEC 27701:2019 as ‘PII Processor’. The international acceptance and applicability of ISO/IEC 27701:2019 and Pexip as a global service provider are the key reasons why certification to this standard is at the forefront of Pexip’s approach to implementing and managing privacy information. Pexip’s achievement of ISO/IEC 27701:2019 certification is a fundamental component of Pexip’s mission to be seen as reliable and trustworthy amongst our customers from a privacy and compliance standpoint. Currently, Pexip is audited once a year for compliance by a third-party accredited certification body, providing independent validation that our privacy controls are in place and operating effectively.
Scope of the certificate:
Development, provision, management, sales and delivery of collaboration software and collaboration as-a-service with the role as 'PII Processor'
Pexip Infinity holds the following certifications
CSPN (Certification de Sécurité de Premier Niveau) by the French National Agency for Information Technology Security (ANSSI)
CCN (Centro Criptológico Nacional)
Federal Information Processing Standard (FIPS) 140-3 Inside CMVP #4724
UC APL (Unified Capabilities Approved Product List)
Secure Software Development Attestation
Pexip Service holds the following certifications
Legal & Regulatory
Compliance Attestation
At Pexip, our commitment to data protection and privacy is at the core of everything we do. Recognizing the critical importance of safeguarding our users' information, we have adopted a proactive and thorough approach to establish, implement, monitor, and review our compliance with global data protection regulations. This approach ensures not only adherence to current standards but also our preparedness for future regulatory changes.
Our Approach to Compliance:
Pexip has established a management system for information security and privacy. We incorporate the requirements of data protection regulations into our control framework and reflect these requirements in policy and practice. Our data protection program, which undergoes annual audits by third-party auditors for conformity, has been developed in accordance with the regulatory and sectoral requirements of:
- EU Regulation 2016/679 (the GDPR)
- EU Regulation 2018/1725
- UK General Data Protection Regulation (UK GDPR)
- UK Data Protection Act 2018 (DPA 2018)
- California Consumer Privacy Act of 2018 (CCPA) as amended by the CPRA
- Brazilian Data Protection Law (LGPD) as amended by Law No. 13,853/2019
- Norwegian Personal Data Act
- Swiss Federal Act on Data Protection (FADP)
- NIST Secure Software Development Framework (SSDF), Executive Order (EO) 14028
- Office of Management and Budget (OMB) Circular M-22-18
Our management system incorporates the following international standards: ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018, and ISO/IEC 27701. These standards are integral to our approach to complying with global data protection regulations.
- ISO/IEC 27001: Provides a comprehensive framework for establishing, implementing, maintaining, and continually improving our ISMS, helping us manage the security of assets including financial information, intellectual property, employee details, and information entrusted to us by third parties.
- ISO/IEC 27017: Offers guidelines on the information security aspects specific to cloud computing, enhancing the existing controls in ISO/IEC 27001 by addressing cloud service-specific risks and controls.
- ISO/IEC 27018: A code of practice for protecting personal data in the cloud, ensuring that our cloud services adhere to applicable privacy regulations and best practices for personal data protection.
- ISO/IEC 27701: Extends ISO/IEC 27001 and ISO/IEC 27002 for privacy management within the company, helping us manage privacy risks related to personal information we process.
Our compliance strategy starts with the identification of data protection regulations that apply to our operations. We perform gap analyses and risk assessments to understand our current state of compliance and identify areas for improvement, ensuring that our practices align with both the letter and the spirit of the law.
Our policies and procedures are regularly revised to reflect the latest regulatory requirements and best practices. We incorporate data protection by design and by default into our processes, ensuring that personal data protection is integrated into the development and operation of our information communication technologies and business practices.
We are committed to educating our staff on the importance of data protection, providing ongoing, role-specific training to ensure they understand their responsibilities. A culture of data protection awareness permeates our organization, emphasizing the critical role of compliance in our operations.
We have established efficient mechanisms to respond to data subjects' requests, upholding their rights under various regulations. Our commitment to transparency and accountability is reflected in our prompt and respectful handling of these requests.
Recognizing the importance of our partners in maintaining data integrity, we rigorously assess and monitor the data protection practices of our vendors and third parties, integrating strict data protection requirements into our contracts.
To ensure compliance with international data protection and incident reporting schema, Pexip plans, develops, implements, maintains, and tests our Incident Response strategy via iterative internal and third-party audits and assessments.
We maintain comprehensive records of our data processing activities and compliance measures, ensuring that we can demonstrate our adherence to regulatory standards at any time.
Our commitment to excellence drives us to regularly review and update our data protection program, staying ahead of new regulatory developments and evolving data protection threats.
At Pexip, we understand that compliance with data protection regulations is not just a legal requirement but a cornerstone of trust.
Our comprehensive approach ensures that our clients and their stakeholders can confidently rely on our services for their communication needs, knowing that their data is secure and protected according to the highest standards.
Compliance enabled by Pexip solutions
HIPAA compliance
GDPR compliance
NIS2 compliance
Overview of Pexip's ISO 27001 Certification
Pexip has implemented applicable technical and organisational measures cemented in an Information Security Management System (ISMS) compliant and certified under ISO/IEC 27001:2013. This certification includes additional security controls for cloud service providers specified in ISO/IEC 27017:2015 as well as additional privacy controls from ISO/IEC 27018:2019 for service providers acting as processors of personal data or personally identifiable information (PII) on assessing risks and implementing applicable controls for protecting PII.
Pexip’s achievement of ISO/IEC 27001:2013 certification is a fundamental component of Pexip’s mission to be seen as reliable and trustworthy amongst our customers from both a security and compliance standpoint. Pexip is audited once a year for compliance by a third-party accredited certification body, providing independent validation that our security controls are in place and operating effectively. As of 2024, Pexip is in the process of transitioning to the 2022 version of the ISO 27001 standard.
Scope of the certificate:
Development, provision, management, sales and delivery of collaboration software and collaboration as-a-service using the applicable controls from ISO/IEC 27017:2015 and ISO/IEC 27018:2019.