Industry and Regulation Compliance
ConnectWise is routinely and thoroughly audited by independent third-party organizations and government agencies to ensure our products and practices comply with global and regional regulations and standards.
System and Organization Controls (SOC) 2
SOC 2 is a report on a service organization’s controls relevant to security, availability, processing integrity, confidentiality, or privacy using up to five trust principles. A given SOC 2 report may be based on one or more trust principles.
ConnectWise Services and Offerings have been assessed using the criteria set forth in paragraph 1.26 of the American Institute of Certified Public Accountants (AICPA) Guide Reporting on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy (SOC 2®) for the suitability of the design and operating effectiveness for the security, availability, and confidentiality principles. Our current SOC 2 reporting period covers May 1 through October 31, 2020. Our current audit period spans from November 1, 2020 through June 30, 2021.
To request a specific report for one of our offerings, please email Compliance@ConnectWise.com. For current partners to request a bridge letter on a covered offering, please email Compliance@ConnectWise.com.
System and Organization Controls (SOC) 3
SOC 3 is a report, like the SOC 2, on a service organization’s controls relevant to security, availability, processing integrity, confidentiality, or privacy. However, a SOC 3 can be distributed for general use and only states whether or not the entity has achieved the Trust Service criteria, without any description of tests, results or opinions.
ConnectWise Services have been assessed using the criteria set forth in paragraph 1.26 of the American Institute of Certified Public Accountants (AICPA) Guide Reporting on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy (SOC 2®) for the suitability of the design and operating effectiveness for the security, availability, and confidentiality principles. The SOC 3 general use report for whether or not the Trust Service criteria were achieved is available for the following services:
Health Insurance Portability and Accountability Act (HIPAA)
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is US legislation that provides data privacy and security provisions for safeguarding Protected Health Information (PHI). HIPAA applies to covered entities and business associates.
The HIPAA Security Rule establishes national standards to protect individuals’ electronic personal health information that is created, received, used, or maintained by a covered entity. The Security Rule requires appropriate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of PHI. The HIPAA Breach Notification Rule requires covered entities and their business associates to provide notification following a breach of unsecured PHI. By law, the Privacy Rule applies only to covered entities (e.g., health plans, healthcare clearinghouses, and certain healthcare providers). However, parts may be applicable to business associates.
To request a business associate agreement (BAA) for one of our offerings, please email Compliance@ConnectWise.com.
ConnectWise has successfully completed third-party HIPAA assessments for the following services and offerings:
We are members of the EU-US and Swiss-US Privacy Shield Framework with respect to processing personal data on behalf of our customers established in the European Union and Switzerland.
General Data Protection Regulation (GDPR) and other privacy regulations
We have made information security and data privacy foundational principles of everything we do, and we recognize the importance of passing regulations to advance information security and data privacy for citizens of the EU and elsewhere in the world. By designing products with privacy and security in mind, we are able to provide you with products that help you meet various aspects of these compliance regimes and to support you in creating a more secure environment.
Standardized Information Gathering Questionnaire
ConnectWise is a member of Shared Assessments, an industry group focused on standardizing the risk assessment and compliance gathering activities used by companies across all industries. We use the Standardized Information Gathering (SIG) questionnaire, the standard information gathering tool created and maintained by Shared Assessments. The SIG is a comprehensive set of standard questions used to assess third-party and vendor risk. It is updated every year to keep up with the ever-changing risk environment and priorities, and ConnectWise updates the information within our SIG regularly. Learn about the regulations, standards and guidelines to which the SIG maps here.
To request a copy of ConnectWise’s SIG, please email Compliance@ConnectWise.com.