Privacy Shield Framework

BeyondTrust customers can transfer personal data from the European Union (EU) to the United States (US) in a compliant way; The EU-US Privacy Shield aims to enable the compliant transfer of personal data from data controllers in the EU to data controllers or data processors in the US.

Learn more about the EU-US Privacy Shield on the European Commission website and on the US Department of Commerce Website.

  • E.U. – U.S. Privacy Shield Date: expires November 14, 2020
  • Swiss – U.S. Privacy Shield Date: expires November 14, 2020

American Institute of Certified Public Accountants (AICPA)

The American Institute of Certified Public Accountants (AICPA) System and Organizational Controls (SOC) for Service Organizations reports are designed to help service organizations that provide services to other entities, build trust and confidence in the service performed and controls related to the services through a report by an independent CPA. Each type of SOC for Service Organizations report is designed to help service organizations meet specific user needs. More information is available from the AICPA website.

BeyondTrust SOC Reports are based on independent third-party assessor examinations. The resulting reports demonstrate how Beyond Trust achieves key compliance controls and objectives. The purpose of these reports is to help you and your auditors understand the Beyond Trust controls established to support operations and compliance.

BeyondTrust maintains the following SOC assessments:

  • SOC II Type 1 as of April 30, 2020
  • SOC II Type 2 - Underway

Cloud Security Alliance

The Cloud Security Alliance (CSA) is a not-for-profit organization whose mission is to “promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing”.

BeyondTrust, as a CSA member, has completed the Cloud Security Alliance (CSA) STAR Level 1: CSA Star Self-Assessment - Consensus Assessments Initiative Questionnaire (CAIQ) (v3) released by the CSA.

Registered since March 2017

FIPS 140-2

FIPS 140-2 Level 2 certification BeyondTrust Remote Support Offerings: Certification Date: July 2019

FIPS 140-2 standard is specific to security requirements for a cryptographic module used within a security system, and is published by the U.S. National Institute of Standards and Technologies (NIST). FIPS 140-2 is recognized by the U.S. and Canadian governments, as well as the European Union. FIPS 140-2 was the main input document for developing ISO/IEC 19790, and is recognized worldwide as an important benchmark for third-party validations of encryption products of all kinds.


PCI/DSS Level 4: expires 7/26/2020

The PCI Security Standards Council (PCI SSC), representing financial institutions, merchants, processor companies, software developers, and point-of-sale vendors, developed PCI DSS in 2004 to safeguard credit card and cardholder data against breach and other forms of unauthorized access.

To process, store, or transmit credit card data, merchants and payment or internet service providers must be PCI compliant. Otherwise, they face strict penalties including fines and possible loss of credit card privileges.

Level 4 applies to merchants that process fewer than 20,000 Visa or Mastercard e-commerce transactions per year or up to 1 million total Visa or Mastercard credit card transactions and that have not suffered a data breach or attack that compromised card or cardholder data.


ISO Certification: Underway

ISO Certification is a seal of approval from a 3rd party body that a company runs to one of the internationally recognized ISO management systems. The certification can be used to tender for business as a proof of a company’s credibility but also to install confidence in the potential client that you will keep your promises.

Common Criteria

Common Criteria Protection Profile for Enterprise Security Management: Certificate Date: June 2018

The Common Criteria for Information Technology Security Evaluation (referred to as Common Criteria or CC) is an international standard (ISO/IEC 15408) for computer security certification. It is currently in version 3.1 revision 5