Trust & Assurance

Certifications & audits

ISO 27001:2022

This ISO certification showcases our ability to implement and enhance information security policies. It demonstrates that we can implement and maintain information security policies and procedures relevant to the needs of the organization and its clients while continuing to improve the Information Security Program and the organization's operations. Equisolve is the only IR Website vendor with this certification.

Download ISO 27001

ISO 27018:2019

ISO 27018 is part of the ISO 27K series and addresses the specific needs of protecting personally identifiable information (PII) in public cloud services. It offers a focused approach to data privacy and regulatory compliance that is crucial in the cloud computing era. The standard aims to build trust and transparency between cloud service providers and customers by outlining specific practices for handling, processing, and storing PII in the cloud. Equisolve is the only IR website vendor with this certification.

Download ISO 27018

SOC 2 TYPE II

Our internal processes undergo annual audits by an accredited advisory firm, ensuring effective controls for key compliance and control objectives.

The CSA Security, Trust, Assurance, and Risk (STAR)

The CSA Security, Trust, Assurance, and Risk (STAR) program is the largest cloud assurance program in the world that constitutes an ecosystem of the best practices, standards, technology, and auditing partners. STAR encompasses the key principles of transparency, rigorous auditing, and harmonization of standards outlined in the Cloud Controls Matrix (CCM).

Security

Encryption and key management

We ensure robust protection for sensitive data in transit and at rest. We employ cutting-edge encryption methods, including TLS 1.2 and AES 256. Production data is encrypted following FIPS 140-2 standards, with AWS Key Management System (KMS) used to securely store encryption keys in an isolated environment.

Access control

Our stringent access controls, featuring multifactor authentication, SSO (e.g., SAML), RBAC, and encryption, guarantee the safety of data. Quarterly access reviews further secure against unauthorized transmission, disclosure, alteration, or deletion.

Network security

Equisolve employs diverse controls such as network segmentation, web application firewalls, intrusion detection, DDoS mitigation, and strong encryption to fortify infrastructure, systems, and applications.

Vulnerability and threat management

Ongoing authenticated vulnerability scans across workstations, infrastructure, web applications, and containers, coupled with prompt remediation based on SLAs, ensure continual protection. Senior management receives routine reports on the effectiveness of these measures.

Assurance testing

In addition to SOC 2 and ISO 27001 audits, Equisolve annually collaborates with a respected cybersecurity firm for red and blue team penetration testing, web application security testing, and remote vulnerability testing, ensuring a comprehensive evaluation of our key applications and public-facing services.

Download our Security Statement

Privacy

Data Privacy Addendum

Our DPA is a market standard implementation of US privacy law and GDPR Article 28 requirements imposed upon processors and reflects how we process personal data under our services.

View Data Protection Addendum

Governance

We leverage the Privacy Shield Framework which helps ensure global privacy control requirements are understood, appropriately documented, and implemented.

Data Access

Strong access controls such as multifactor authentication, SAML, role-based access (RBAC), anonymization, masking, and encryption are all essential to ensuring data is safe from unauthorized transmission, disclosure, alteration, or deletion.

Knowledge

All Equisolve employees and contractors are required to participate in privacy training. Additionally, Equisolve has a Data Privacy Officer who champions the Privacy Program and ensures compliance.

Availability

Infrastructure

Equisolve leverages AWS’ IaaS platform to host all critical infrastructure used to provide client-facing services. This allows for the design of an operating environment that is fault-tolerant delivering an uptime of nearly “Five Nines”.

Monitoring

Equisolve uses both internal and external tools to monitor a broad range of metrics across all systems, applications, and communication channels. Where metrics fall out of an acceptable tolerance, alerts are triggered and immediately responded to.

Testing

To ensure that the infrastructure and supporting processes are designed to be resilient to all forms of threats, Equisolve conducts testing that covers a broad range of scenarios. This testing occurs at least quarterly, with results and any required remediation activities reported to senior management.

Service Level Agreement

Equisolve guarantees that client sites will be available 99.999% of the time.

Third-party risk management

Rigorous vendor requirements

Equisolve mandates strict adherence to requirements for all vendors, based on their assessed risk concerning service reliance and data sensitivity. Vendors handling sensitive data must possess 3rd party attestation of control effectiveness and, when applicable, industry-specific certifications.

Ongoing monitoring

Our vendor monitoring activities involve due diligence reviews to validate risk levels, ensure up-to-date certifications and cybersecurity insurance, and confirm the completion of 3rd party attestations with no outstanding material findings.

Cloud security

We heavily rely on cloud service providers. To ensure clarity in responsibilities, we maintain an annually updated cloud security control responsibility matrix, outlining each party's role in the relationship.

Incident response

Procedures

Our comprehensive Incident Response Procedure is inclusive of event categorization, team responsibilities, forensics, and reporting.

24/7 monitoring

We use a broad range of monitor tools to capture and analyze security events. Additionally, a Security Incident and Event Management (SIEM) system performs advanced analytics and alerting.

Training & education

Security awareness

To ensure that all constituents are aware of their responsibilities around information security, security awareness training is provided to employees and contractors upon hiring and annually thereafter. To remain current, training is reviewed for updates no less than annually.

Phishing

We perform simulated phishing attacks against all employees and contractors at least monthly. If an individual fails the test, they are immediately directed to remediation training to reinforce the techniques used by fraudsters and how to spot suspicious emails.

Targeted training

All employees and contractors with specialized roles (e.g., code development, accessibility) are required to take additional training specific to their responsibilities.

Responsible AI Use

Equisolve is committed to the responsible and transparent use of AI. By maintaining a collaborative, human-in-the-loop approach, we ensure the reliability and quality of outcomes, positioning AI as a supportive tool rather than a replacement for human expertise. Equisolve integrates AI technologies to enhance productivity and streamline workflows.

We adhere to the following principles:

Human in the loop, always: We have committed to keeping human review in AI processes. We believe AI should assist, not replace, human decision-making
Information and data security are our top priorities: Protecting client information is our top priority.
- We do not use client data to train AI models.
- Proprietary or confidential information is never accessed by AI.
Robust AI governance: We pride ourselves on exceptional governance, and that extends to our use of AI. All proposed use cases of AI are reviewed for security and privacy by our AI Governance Committee prior to approval.

Download AI Statement

VPAT

Our Accessibility Conformance Report (ACR) for our Company Template product was produced from VPAT v2.5 (Voluntary Product Accessibility Template). Our VPAT document is updated annually.

100% of our client service specialists, content strategists, designers, developers, and project managers are trained in IR Website accessibility through Deque. We also hold the following accessibility certifications:

Let's talk

We're sorry, but this form has spam protection that requires JavaScript to be enabled to work correctly. If you'd like to contact us via this form, please enable scripts in your browser and reload the page.

*Required Fields

First Name

Last Name

Company (optional)

Title (optional)

Phone (optional)

Referred by (optional)

Interested In (optional)

IR Website
Corporate Website
ETF Website
Accessibility
Investor Analytics
Additional Services

This site is protected by hCaptcha and its Privacy Policy and Terms of Service apply.