Security, Compliance, and Enterprise Scale for Global Event Programs

Security, Compliance, and Enterprise Scale for Global Event Programs

Certain enables your teams to run global event programs securely. Rigorous security controls, verified compliance, and privacy-first practices are built into every layer of the Certain platform. This approach helps meet enterprise requirements while delivering exceptional event experiences worldwide.

Compliance

• PCI DSS Level 1 compliance has been maintained for more than six consecutive years.
• The cloud environment is SOC 2–certified and secure.

Privacy

• The platform supports GDPR compliance.
• The platform supports CCPA compliance.
• Customer data ownership is clear.
• Customers control how their data is collected, how it is used, and how long it is retained.

Encryption

• Encryption in transit uses TLS.
• Encryption at rest uses industry-standard methods.

Access

• The platform supports SSO with SAML2, OAuth2, and OpenID Connect.
• Identity governance includes MFA, RBAC, and least-privilege access.

Monitoring & Response

• The platform provides continuous monitoring, alerting, and incident response processes.

Global Performance

• Data residency options are available where applicable.
• Global CDN infrastructure ensures high-performing event websites worldwide.

Proven, Long-Standing Compliance

• Certain has maintained PCI DSS Level 1 compliance for more than six consecutive years.
• Certain operates SOC 2–aligned controls across core cloud environments, covering security, availability, and confidentiality.
• These controls are embedded into day-to-day operations for smooth security reviews and continuous certification.
• Our security governance model is designed to meet enterprise procurement and audit expectations, with documented controls, repeatable processes, and clear accountability across infrastructure, product, and operations.
• Privacy and Data Control by Design helps you meet privacy obligations while keeping control across the full data lifecycle.
• Your event data belongs to you. You decide what is collected, how it’s used, and how long it’s retained.
• Configurable retention and deletion practices are provided, aligned with enterprise needs.
• The platform supports consent management and user preferences to help organizations meet global privacy expectations.
• We maintain vendor governance practices and provide DPAs to support compliance and customer procurement.
• Certain follows a strict data destruction standard aligned with DoD 5220.22-M. This high-assurance standard is valued by government, financial services, and regulated industries.
• Defense-in-Depth Across Infrastructure, Product, and Operations applies layered security controls across the entire platform, from cloud infrastructure to application design and daily operations, to protect programs at scale.
• Data encryption in transit (TLS) and at rest uses industry-standard methods.
• Secure key handling aligns with enterprise best practices.
• Certain supports modern enterprise identity and authentication controls, enabling centralized access management and consistent policies across teams.
• SSO is supported via SAML2, OAuth2, and OpenID Connect.
• Multi-factor authentication is supported.
• Enterprise identity providers can be integrated.
• Secure session management is provided.
• Authorization and access governance provides robust controls over access, visibility, and accountability across infrastructure, product, and operations.
• Role-based permissions and multi-level sub-account structures ensure users see only what they need.
• Secure development lifecycle (SDLC) practices are used.
• Code reviews and controlled change management are implemented.
• Environment segmentation and access controls are in place.
• Security and quality verification occurs before releases.
• The cloud environment is secure and aligned with enterprise control frameworks.
• Network segmentation and protection are in place.
• Hardened infrastructure receives regular updates.
• Continuous monitoring and alerting are performed.
• Incident response planning and escalation are in place.
• Operational security readiness and reviews occur.
• Ongoing vulnerability scanning is performed.
• Patch management and remediation are in place.
• Third-party risk is responsibly managed.
• Certain is trusted by many Fortune 500 companies.

FAQs

• Do you support SSO?

Yes. Certain supports SSO including SAML2, OAuth2, and OpenID Connect, enabling centralized identity management and enterprise authentication policies.

• Is Certain PCI compliant?

Yes. Certain maintains PCI DSS Level 1 compliance, with 6+ years of consecutive certification.

• Does Certain support GDPR and CCPA compliance?

Yes. Our platform supports GDPR and CCPA compliance with privacy controls including consent handling, data retention, and deletion processes.

• How does Certain protect customer data?

We use layered security controls including encryption in transit and at rest, strong access controls, monitoring, and disciplined operational processes.

• How do I obtain your SOC 2 report, PCI documents, or DPA?

Security and compliance documentation is available upon request by emailing us at help@certain.com.