MetricStream has ISO 27001 certification and SOC2 Type II and HIPAA attestations by independent security auditors. We are EU-US Privacy Shield self-certified and comply with GDPR and CCPA. Our platform and application suite are developed based on OWASP and relevant security standards. The code, the application, and the GRC Cloud infrastructure are pen-tested by external security vendors. We also subscribe to BitSight's security monitoring services. This robust controls framework and security posture are leveraged by hundreds of customers that are using MetricStream's GRC SaaS Cloud solutions and services.