Secure by Design.
Secure by Default.

We are committed to building security into everything we do. 

By integrating proactive, risk-based security measures from the outset, we aim to protect our organization, partners, and customers from evolving threats and vulnerabilities.

Pexip holds the following certifications

  • ISO/IEC 27001 by DNV, with additional controls for ISO/IEC 27017 and ISO/IEC 27018.
  • ISO/IEC 27701 by DNV.

Pexip Infinity holds the following certifications

Infinity powers Secure Meetings, Pexip Video Platform, and Pexip Connect Standard (self-hosted deployment).

Pexip Service holds the following certifications

Pexip Service powers Pexip Connect for Teams Rooms, Pexip Connect Essentials, and Pexip Connect Standard (software-as-a-service).

Legal & Regulatory
Compliance Attestation

 

At Pexip, our commitment to data protection and privacy is at the core of everything we do. Recognizing the critical importance of safeguarding our users' information, we have adopted a proactive and thorough approach to establish, implement, monitor, and review our compliance with global data protection regulations. This approach ensures not only adherence to current standards but also our preparedness for future regulatory changes.

 

 

Our Approach to Compliance:


Pexip has established a management system for information security and privacy. We incorporate the requirements of data protection regulations into our control framework and reflect these requirements in policy and practice. Our data protection program, which undergoes annual audits by third-party auditors for conformity, has been developed in accordance with the regulatory and sectoral requirements of:

  • EU Regulation 2016/679 (the GDPR)
  • EU Regulation 2018/1725
  • UK General Data Protection Regulation (UK GDPR)
  • UK Data Protection Act 2018 (DPA 2018)
  • California Consumer Privacy Act of 2018 (CCPA) as amended by the CPRA
  • Brazilian Data Protection Law (LGPD) as amended by Law No. 13,853/2019
  • Norwegian Personal Data Act
  • Swiss Federal Act on Data Protection (FADP)
  • NIST Secure Software Development Framework (SSDF), Executive Order (EO) 14028
  • Office of Management and Budget (OMB) Circular M-22-18

Our management system incorporates the following international standards: ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018, and ISO/IEC 27701. These standards are integral to our approach to complying with global data protection regulations.

  • ISO/IEC 27001: Provides a comprehensive framework for establishing, implementing, maintaining, and continually improving our ISMS, helping us manage the security of assets including financial information, intellectual property, employee details, and information entrusted to us by third parties.
  • ISO/IEC 27017: Offers guidelines on the information security aspects specific to cloud computing, enhancing the existing controls in ISO/IEC 27001 by addressing cloud service-specific risks and controls.
  • ISO/IEC 27018: A code of practice for protecting personal data in the cloud, ensuring that our cloud services adhere to applicable privacy regulations and best practices for personal data protection.
  • ISO/IEC 27701: Extends ISO/IEC 27001 and ISO/IEC 27002 for privacy management within the company, helping us manage privacy risks related to personal information we process.

Our compliance strategy starts with the identification of data protection regulations that apply to our operations. We perform gap analyses and risk assessments to understand our current state of compliance and identify areas for improvement, ensuring that our practices align with both the letter and the spirit of the law.

 

Our policies and procedures are regularly revised to reflect the latest regulatory requirements and best practices. We incorporate data protection by design and by default into our processes, ensuring that personal data protection is integrated into the development and operation of our information communication technologies and business practices.

 

We are committed to educating our staff on the importance of data protection, providing ongoing, role-specific training to ensure they understand their responsibilities. A culture of data protection awareness permeates our organization, emphasizing the critical role of compliance in our operations.


We have established efficient mechanisms to respond to data subjects' requests, upholding their rights under various regulations. Our commitment to transparency and accountability is reflected in our prompt and respectful handling of these requests.

Recognizing the importance of our partners in maintaining data integrity, we rigorously assess and monitor the data protection practices of our vendors and third parties, integrating strict data protection requirements into our contracts.

 

To ensure compliance with international data protection and incident reporting schema, Pexip plans, develops, implements, maintains, and tests its Incident Response strategy via iterative internal and third-party audits and assessments.

 

We maintain comprehensive records of our data processing activities and compliance measures, ensuring that we can demonstrate our adherence to regulatory standards at any time.

 

Our commitment to excellence drives us to regularly review and update our data protection program, staying ahead of new regulatory developments and evolving data protection threats.

 

At Pexip, we understand that compliance with data protection regulations is not just a legal requirement but a cornerstone of trust.

 

Our comprehensive approach ensures that our clients and their stakeholders can confidently rely on our services for their communication needs, knowing that their data is secure and protected according to the highest standards.

GDPR
In support of our primary mission to protect individual and organizational privacy, Pexip proudly complies with the requirements codified in the European Union (EU) General Data Protection Regulation (GDPR), Regulation (EU) 2016/679.
NIS2
As part of our ongoing Continuous Monitoring / Continuous Improvement (CM/CI) approach to organizational and product security, Pexip is on track to be fully compliant with the Network and Information Security Directive 2 (NIS2) on or before 17 OCT 2024. Pexip will publish updated NIS2 compliance information in Q3 2024.

Compliance enabled by Pexip solutions

HIPAA compliance

Enabling compliance with the Health Insurance Portability and Accountability Act (HIPAA).

GDPR compliance

Enabling compliance with European Union (EU) Regulation 2016/679, the General Data Protection Regulation (GDPR).

NIS2 compliance

Enabling compliance with European Union (EU) Regulation 2022/2555, the Network and Information Security Directive (NIS2).

Get in touch

Ask privacy-related questions

Contact us at privacy@pexip.com.


Disclose a vulnerability

Read our Vulnerability Disclosure Handling Policy.


Report a bug

Contact our support team via the support portal.


Overview of Pexip's ISO 27001 Certification

Pexip has implemented applicable technical and organisational measures cemented in an Information Security Management System (ISMS) compliant and certified under ISO/IEC 27001:2013. This certification includes additional security controls for cloud service providers specified in ISO/IEC 27017:2015 as well as additional privacy controls from ISO/IEC 27018:2019 for service providers acting as processors of personal data or personally identifiable information (PII) on assessing risks and implementing applicable controls for protecting PII.

 

Pexip’s achievement of ISO/IEC 27001:2013 certification is a fundamental component of Pexip’s mission to be seen as reliable and trustworthy amongst our customers from both a security and compliance standpoint. Pexip is audited once a year for compliance by a third-party accredited certification body, providing independent validation that our security controls are in place and operating effectively. As of 2024, Pexip is in the process of transitioning to the 2022 version of the ISO 27001 standard.

 

Scope of the certificate:

Development, provision, management, sales and delivery of collaboration software and collaboration as-a-service using the applicable controls from ISO/IEC 27017:2015 and ISO/IEC 27018:2019.

Overview of Pexip's ISO 27701 Certification

Pexip has implemented applicable data protection measures cemented in a Privacy Information Management System (PIMS) compliant and certified under ISO/IEC 27701:2019 as ‘PII Processor’. The international acceptance and applicability of ISO/IEC 27701:2019 and Pexip's position as a global service provider are the key reasons why certification to this standard is at the forefront of Pexip’s approach to implementing and managing privacy information. Pexip’s achievement of ISO/IEC 27701:2019 certification is a fundamental component of Pexip’s mission to be seen as reliable and trustworthy amongst our customers from a privacy and compliance standpoint. Currently, Pexip is audited once a year for compliance by a third-party accredited certification body, providing independent validation that our privacy controls are in place and operating effectively.

 

Scope of Certification:

Development, provision, management, sales and delivery of collaboration software and collaboration as-a-service with the role as 'PII Processor'.