MetricStream holds ISO 27001 certification, as well as SOC 2 Type II and HIPAA attestations by independent security auditors. We comply with GDPR and CCPA. Our platform and application suite are developed based on OWASP and relevant security standards. The code, the application, and the GRC Cloud infrastructure are pen-tested by external security vendors. We also subscribe to BitSight's security monitoring services. This robust controls framework and security posture are leveraged by hundreds of customers that use MetricStream's GRC SaaS Cloud solutions and services.