Trust & Compliance

Compliance & Certifications

Orbitra maintains the highest standards of security, privacy, and regulatory compliance to protect your data and meet global requirements.

Last Updated: January 20, 2024

  • 15+ Certifications
  • 100% GDPR Compliant
  • 24/7 Compliance Monitoring
  • 50+ Countries Supported

1. Security Certifications

SOC 2 Type II

Orbitra has achieved SOC 2 Type II certification, demonstrating our commitment to maintaining the highest standards of security, availability, processing integrity, confidentiality, and privacy.

Covered criteria: Security, Availability, Confidentiality, Privacy

ISO 27001:2013

Our Information Security Management System (ISMS) is certified to ISO 27001:2013, the international standard for information security management.

  • Risk assessment and management
  • Security controls implementation
  • Continuous improvement processes
  • Regular third-party audits

ISO 27017:2015

Cloud security certification providing guidelines for information security controls applicable to cloud services, ensuring secure cloud computing environments.

ISO 27018:2019

Protection of personally identifiable information (PII) in public clouds, demonstrating our commitment to privacy in cloud computing.

PCI DSS Level 1

Payment Card Industry Data Security Standard compliance for secure handling of credit card information and payment processing.

2. Privacy Compliance

GDPR (General Data Protection Regulation)

Full compliance with EU GDPR requirements for data protection and privacy. We provide comprehensive data subject rights and transparent data processing.

  • Right to access, rectification, and erasure
  • Data portability and restriction of processing
  • Privacy by design and by default
  • Data Protection Impact Assessments (DPIA)
  • Breach notification within 72 hours
  • Data Processing Agreements (DPA) available

CCPA / CPRA (California Privacy Rights)

Compliance with California Consumer Privacy Act and California Privacy Rights Act, providing California residents with enhanced privacy rights.

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to opt-out of sale of personal information
  • Right to non-discrimination for exercising rights

EU-U.S. Data Privacy Framework

Certified under the EU-U.S. Data Privacy Framework for lawful data transfers between the European Union and the United States.

PIPEDA (Canada)

Compliance with Canada's Personal Information Protection and Electronic Documents Act for handling personal information in commercial activities.

3. Industry Standards

HIPAA Compliance

Health Insurance Portability and Accountability Act compliance for healthcare organizations. We provide Business Associate Agreements (BAA) for covered entities.

  • Protected Health Information (PHI) safeguards
  • Administrative, physical, and technical safeguards
  • Breach notification procedures
  • Regular risk assessments

FedRAMP Authorized

Federal Risk and Authorization Management Program authorization for U.S. government agencies, meeting stringent federal security requirements.

FISMA Compliant

Federal Information Security Management Act compliance for federal information systems and organizations.

FINRA / SEC Compliance

Compliance with Financial Industry Regulatory Authority and Securities and Exchange Commission requirements for financial services organizations.

4. Regional Compliance

Europe

  • GDPR (EU General Data Protection Regulation)
  • eIDAS (Electronic Identification and Trust Services)
  • NIS Directive (Network and Information Security)
  • EU Cloud Code of Conduct
  • ENISA Guidelines

United States

  • CCPA / CPRA (California)
  • HIPAA (Healthcare)
  • FedRAMP (Federal Government)
  • FISMA (Federal Information Security)
  • SOX (Sarbanes-Oxley Act)

Asia Pacific

  • APPI (Japan - Act on Protection of Personal Information)
  • PDPA (Singapore Personal Data Protection Act)
  • PIPL (China Personal Information Protection Law)
  • Privacy Act (Australia)
  • PIPA (South Korea Personal Information Protection Act)

Other Regions

  • PIPEDA (Canada)
  • LGPD (Brazil Lei Geral de Proteção de Dados)
  • POPIA (South Africa Protection of Personal Information Act)
  • DPA (UK Data Protection Act)
  • PDPB (India Personal Data Protection Bill)

5. Data Residency & Sovereignty

Orbitra provides flexible data residency options to meet regulatory requirements and data sovereignty needs across different jurisdictions.

Regional Data Centers

  • 15+ Global Regions
  • 50+ Data Centers
  • 100% Data Control

Data Residency Features

  • Choose specific geographic regions for data storage
  • Data never leaves your selected region without consent
  • Compliance with local data protection laws
  • Transparent data location and transfer policies
  • Multi-region replication with geographic controls
  • Data sovereignty guarantees

Available Regions

North America (US, Canada)
Europe (EU, UK, Switzerland)
Asia Pacific (Singapore, Japan, Australia)
Middle East (UAE, Bahrain)
South America (Brazil, Argentina)
Africa (South Africa)

6. Audits & Assessments

Orbitra undergoes regular independent audits and assessments to verify our security controls and compliance with industry standards.

Third-Party Audits

  • Annual SOC 2 Type II audits
  • ISO 27001 surveillance audits
  • PCI DSS quarterly scans
  • FedRAMP continuous monitoring

Security Assessments

  • Quarterly penetration testing
  • Continuous vulnerability scanning
  • Annual risk assessments
  • Code security reviews

Customer Audits

  • Right to audit provisions
  • Audit report sharing
  • Security questionnaire support
  • Compliance documentation access

Continuous Monitoring

  • 24/7 security monitoring
  • Real-time threat detection
  • Automated compliance checks
  • Incident response procedures

7. Security Frameworks

Our security program is built on industry-leading frameworks and best practices to ensure comprehensive protection.

NIST Cybersecurity Framework

Implementation of NIST CSF core functions for comprehensive cybersecurity management.

Core functions: Identify, Protect, Detect, Respond, Recover

CIS Controls

Implementation of Center for Internet Security Critical Security Controls for effective cyber defense.

OWASP Top 10

Protection against OWASP Top 10 web application security risks through secure development practices.

Cloud Security Alliance (CSA)

Adherence to CSA Cloud Controls Matrix (CCM) for cloud security best practices.

8. Compliance Policies

Orbitra maintains comprehensive policies and procedures to ensure ongoing compliance with all applicable regulations and standards.

Information Security Policy

Comprehensive security controls and procedures

Data Protection Policy

Privacy and data handling procedures

Incident Response Policy

Security incident handling procedures

Business Continuity Policy

Disaster recovery and continuity planning

Access Control Policy

User access and authentication controls

Vendor Management Policy

Third-party risk assessment procedures

9. Compliance Reports & Documentation

We provide comprehensive compliance documentation to help you meet your regulatory and audit requirements.

Available Reports

SOC 2 Type II Report

Independent audit report on security, availability, and confidentiality controls

ISO 27001 Certificate

Information security management system certification

PCI DSS Attestation of Compliance (AOC)

Payment card industry compliance documentation

Penetration Test Report Summary

Executive summary of third-party security testing

Data Processing Agreement (DPA)

GDPR-compliant data processing agreement template

Business Associate Agreement (BAA)

HIPAA-compliant business associate agreement

Security Whitepaper

Comprehensive overview of our security architecture and controls

Request Process

To request compliance reports and documentation, please contact our compliance team. Reports are typically provided under NDA to existing and prospective customers.

10. Contact Compliance Team

Our compliance team is available to answer your questions and provide support for your compliance requirements.

Compliance Team

Email: compliance@example.com

Response Time: Within 24 hours

For: Compliance inquiries and documentation requests

Security Team

Email: security@example.com

Response Time: Immediate for critical issues

For: Security concerns and vulnerability reports

Data Protection Officer

Email: dpo@example.com

Response Time: Within 48 hours

For: GDPR and privacy-related inquiries

Audit Support

Email: audit@example.com

Response Time: Within 3 business days

For: Audit requests and compliance verification

Mailing Address

Orbitra Inc.

Compliance Department

123 Cloud Street, Suite 500

San Francisco, CA 94105

United States

Note: For urgent security matters or to report a security vulnerability, please use our Security page or contact security@example.com immediately.
