Security at Confirmit is Paramount

At Confirmit, we take security seriously. This commitment is embedded in our culture, products, and day-to-day operations. The importance of safeguarding the confidentiality of our clients’ data is shared from the CEO down. For decades Confirmit has maintained one of the highest levels of security in our industry, allowing us to earn the trust of the most demanding companies, and meet their stringent security and privacy requirements. For more details on the security features of our products, click here.

Validated Under Rigorous Industry Standards:

Confirmit’s operations undergo an annual comprehensive SOC 2 Type II (SSAE 18 / AT 101) examination by a highly reputable AICPA-accredited firm (the full audit report is available to our clients). Our SaaS production environment, where client data is stored and processed, is ISO 27001 certified, SOC 2 Type II audited and PCI-DSS certified.


Partnering with the Best:

Your data is stored and processed on the SaaS platform you select, which we host with Rackspace in the USA, UK, and Australia. We also have cloud-based offerings hosted by Microsoft Azure in Canada and Germany.

Rackspace is recognized to be the world’s leading managed hosting provider and we have been partnering with them since 2004. Read more about Rackspace certifications at:

Microsoft Azure’s extensive global footprint allows us to localize your data to more geographic regions as well as provide improved response times for those localities. More information about Azure’s security, compliance and privacy may be found here:

Trust but Verify:

In addition to the comprehensive third-party SOC 2 Type II audits of our operations, Confirmit performs a battery of additional testing to ensure the effectiveness of our security posture. This includes weekly penetration testing by our information security team, which is validated by annual third-party penetration tests by independent security professionals (McAfee). Confirmit also performs static code-scanning of the software we develop, which is validated by third-party white-hat application testing performed by highly trained cyber-security professionals (Veracode). We have always completed the third-party testing with the highest security grade available, “A”. Reports are made available to our customers.


HIPAA regulations require that covered entities and their business associates enter into an agreement (BAA) that ensures adequate protection of PHI by the business associate. Confirmit supports a number of HIPAA-compliant companies and is ready to enter into a BAA that meets your specific needs.



For more details, including downloadable documents, on our extensive security, please click here.
If you’d like to speak to us about our offerings, please contact your local Confirmit office.

If you want to submit a security-related bug, please follow the instructions here.