
Compliance and certifications

Always secure, certainly compliant

Communication processes used by international companies are facing increasingly stringent compliance requirements. With Retarus’ Enterprise Cloud it’s easy for you to comply with internal policies and external regulations, consistently and company-wide.

Complete protection from the Cloud

With us, your data remains available, intact, and confidential – anywhere in the world. Retarus uses a security framework and a management system for information security (ISMS) verified to ISAE 3000 SOC2 Type II to ensure security. This allows us to support you in your compliance with your international standards and individual control sets, regardless of which Retarus Cloud Service you use.

Retarus Cloud Services: Internationally compliant.

✓ GDPR
✓ German Federal Data Protection Act
✓ EU Directive 95/46/EC
✓ ISAE 3402
✓ PCI-DSS

We consider the data of our employees and business partners to be valuable property and protect it globally, while considering all locally applicable laws and regulations. We consistently comply with all relevant data privacy regulations and commit ourselves to handling confidential information with great care.

Retarus Code of Conduct

Signed and sealed

With Retarus Cloud Services you can be sure that you are in compliance with all relevant regulations. The internal control system ensures that your business-critical data and information receive the highest level of protection in accordance with ISAE 3402. Furthermore, Retarus is PCI DSS Level 2 verified, supports industry standards such as HITRUST and TISAX, and, as a European company, complies with the GDPR. In addition, our Security Framework includes best practices from the ISO 27000 series, as well as the IT basic protections of the German Federal Office for Information Security (BSI).

Certifications
HIPAA, HITRUST and others

Particularly important for the United States of America health care system are the regulations put forth by HIPAA and the HITECH Act, as well as industry standards such as HITRUST and HL7. They stipulate the highest level of sensitivity when handling confidential patient and health care data. The HITRUST Common Security Framework (CSF), in particular, is also being met with growing interest outside of the health care industry by other highly regulated industries.

TISAX
Retarus successfully completed the TISAX Audit for Information Processing with “high protection standards” for the automotive industry. TISAX is meant to ensure that all participants in the automotive value chain are at a comparable IT security level. A significant advantage for manufacturers and suppliers is that they no longer have to audit certified service providers.
ISAE 3402 / SSAE 18 / SOC 1
ISAE 3402 (also SSAE 18 or SOC 1) is an internationally recognized auditing standard that verifies the security and, above all, effectiveness of a company’s control system. Retarus’ internal control system meets the relevant requirements and ensures that a sustained high level of quality and protection when handling business-critical information is in place. A well-known auditing company regularly audits all relevant processes.
ISAE 3000 / SSAE 18 / SOC 2
SOC 2 certifies the security, availability, and process integrity of the solutions offered by Software-as-a-Service (SaaS) providers. Retarus Cloud Services for fax and email are continuously examined at our data center locations in Germany (Munich and Frankfurt), Asia (Singapore), and the USA (Ashburn and Secaucus) according to SOC 2 Type II.
PCI-DSS
PCI DSS (Payment Card Industry Data Security Standard) is a security standard for the careful and secure handling of payment data. Retarus complies with this standard.
United States of America HIPAA, HITRUST

US-ASH and US-SEC:

  • HIPAA
  • HITRUST
  • ISO 27001
  • NIST 800-53/FISMA
  • PCI-DSS
  • SOC 1 Type II
  • SOC 2 Type II
Singapore Data Protection Act 2012 PDPA

SG-SGP:

  • HIPAA
  • ISO 27001
  • NIST 800-53/FISMA
  • PCI DSS
  • SOC 1 Type II
  • SOC 2 Type II
Germany Federal Data Protection Act (GDPR)

DE-FRA:

  • ISO 27001
  • ISO 22301
  • PCI-DSS
  • SOC 1 Type II
  • SOC 2 Type II

DE-MUC:

  • SOC 1 Type II
  • SOC 2 Type II
  • PCI-DSS Level 2
Switzerland Federal Law on Data Protection (DPA)

CH-ZRH:

  • ISO 27001
  • ISO 50001
  • SOC 1 Type II
  • SOC 2 Type II

Individually auditable

You can check the Retarus Security Framework at any time if you require special certifications for compliance. Your auditors will receive personal access to our data centers and information about the relevant processes.

Do we meet your requirements? Take a look now!