Industry and Regulation Compliance

ConnectWise is routinely and thoroughly audited by independent third-party organizations and government agencies to ensure our products and practices comply with global and regional regulations and standards.

SOC 3 is a report, like the SOC 2, on a service organization’s controls relevant to security, availability, processing integrity, confidentiality, or privacy. However, a SOC 3 can be distributed for general use and only states whether or not the entity has achieved the Trust Service criteria, without any description of tests, results or opinions.

ConnectWise Services have been assessed using the criteria set forth in paragraph 1.26 of the American Institute of Certified Public Accountants (AICPA) Guide Reporting on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy (SOC 2®) for the suitability of the design and operating effectiveness for the security, availability, and confidentiality principles. The SOC 3 general use report for whether or not the Trust Service criteria was achieved is available for the following services:

• ConnectWise Automate
  View the report >
• ConnectWise Co-Managed Backup (formerly ConnectWise Recover)
  View the report >
• ConnectWise RMM (formerly ConnectWise Command)
  View the report >
  
• ConnectWise PSA (ConnectWise Manage)
  View the report >
  
• ConnectWise CPQ (formerly ConnectWise Sell)
  View the report >
  
• BrightGauge, a ConnectWise Solution
  View the report >
  
• ConnectWise Identify Assessment (formerly ConnectWise Identify)
  View the report >
  
• ITBoost, a ConnectWise Solution
  View the report >
  
• Cloud Billing (formerly ConnectWise Unite)
  View the report >
• ConnectWise Co-Managed SIEM (formerly Stratozen)
  View the report >
• Cyber Security Management (formerly ConnectWise Fortify)
  View the report >
  
• ConnectWise SIEM (formerly Perch Security)
  View the report >
  
• ConnectWise ScreenConnect™
  View the report >

SOC 2 is a report on a service organization’s controls relevant to security, availability, processing integrity, confidentiality, or privacy using up to five trust principles. A given SOC 2 report may be based on one or more trust principles.  

ConnectWise Services and Offerings have been assessed using the criteria set forth in paragraph 1.26 of the American Institute of Certified Public Accountants (AICPA) Guide Reporting on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy (SOC 2®) for the suitability of the design and operating effectiveness for the security, availability, and confidentiality principles. 

To request a specific report for one of our offerings, please email Compliance@ConnectWise.com. For current partners to request a bridge letter on a covered offering, please email Compliance@ConnectWise.com.

• ConnectWise RMM
• ConnectWise Automate
• Brightgauge, a ConnectWise Solution
• ConnectWise Cybersecurity Management
• ConnectWise ScreenConnect™
• ConnectWise Identify
• ConnectWise BCDR
• ConnectWise PSA
• ConnectWise CPQ
• ITBoost, a ConnectWise Solution

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is US legislation that provides data privacy and security provisions for safeguarding Protected Health Information (PHI). HIPAA applies to covered entities and business associates. 

The HIPAA Security Rule establishes national standards to protect individuals’ electronic personal health information that is created, received, used, or maintained by a covered entity. The Security Rule requires appropriate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of PHI. The HIPAA Breach Notification Rule requires covered entities and their business associates to provide notification following a breach of unsecured PHI. By law, the Privacy Rule applies only to covered entities (e.g., health plans, healthcare clearinghouses, and certain healthcare providers). However, parts may be applicable to business associates. 

To request a business associate agreement (BAA) for one of our offerings please email Compliance@ConnectWise.com.

ConnectWise has successfully completed third-party HIPAA assessments for the following services and offerings:

• ConnectWise RMM
• ConnectWise Automate
• Brightgauge, a ConnectWise Solution
• ConnectWise Cybersecurity Management
• ConnectWise ScreenConnect™
• ConnectWise Identify
• ConnectWise BCDR
• ConnectWise PSA
• ConnectWise CPQ
• ITBoost, a ConnectWise Solution

We are members of the EU-US and Swiss-US Privacy Shield Framework with respect to processing personal data on behalf of our customers established in the European Union and Switzerland.

We have made information security and data privacy foundational principles of everything we do, and we recognize the importance of passing regulations to advance information security and data privacy for citizens of the EU and elsewhere in the world. By designing products with privacy and security in mind, we are able to provide you with products that help you meet various aspects of these compliance regimes and to support you in creating a more secure environment.

ConnectWise is a member of the Shared Assessments, an industry group focused on standardizing the risk assessment and compliance gathering activities used by companies across all industries. We utilize the standard information gathering tool created and maintained by Shared Assessments. The SIG is a comprehensive set of questions used to provide answers to standard questions used to assess third party and vendor risk. It is updated every year in order to keep up with the ever-changing risk environment and priorities and ConnectWise updates the information within our SIG regularly. Learn about the regulations, standards and guidelines to which the SIG maps here. 

To request a copy of ConnectWise’s SIG, please email Compliance@ConnectWise.com.