Compliance

Duff Cloud Services is committed to maintaining the highest standards of compliance and regulatory adherence to support businesses across various industries.

Compliance Frameworks

SOC 2 Type II

Annual third-party audit of our security, availability, processing integrity, confidentiality, and privacy controls.

View Report →

ISO 27001:2013

International standard for information security management systems (ISMS).

View Certificate →

PCI DSS Level 1

Payment Card Industry Data Security Standard compliance for secure payment processing.

View AOC →

HIPAA

Health Insurance Portability and Accountability Act compliance for healthcare applications.

View BAA →

Data Privacy Regulations

GDPR (General Data Protection Regulation)

Full compliance with European Union data protection laws, including data subject rights, consent management, and cross-border data transfer protections.

Data Subject Rights

  • Right to access
  • Right to rectification
  • Right to erasure
  • Right to data portability

Technical Measures

  • Data encryption
  • Access controls
  • Data minimization
  • Privacy by design

CCPA (California Consumer Privacy Act)

Compliance with California's privacy law, providing consumers with rights regarding their personal information and how it's collected, used, and shared.

Industry-Specific Compliance

Financial Services

  • SOX (Sarbanes-Oxley) compliance
  • GLBA (Gramm-Leach-Bliley Act)
  • FFIEC guidelines
  • PCI DSS for payment processing

Healthcare

  • HIPAA/HITECH compliance
  • FDA 21 CFR Part 11
  • GDPR for EU patients
  • Business Associate Agreements

Government

  • FedRAMP authorization
  • FISMA compliance
  • NIST Cybersecurity Framework
  • ITAR compliance

Education

  • FERPA compliance
  • COPPA for children's data
  • Student privacy protections
  • EdTech privacy standards

Audit & Documentation

Regular Audits

Third-party security and compliance audits conducted annually with interim assessments.

Documentation

Comprehensive policies, procedures, and controls documentation available to customers.

Continuous Monitoring

Real-time monitoring of compliance controls with automated alerting and reporting.

Customer Support

Compliance Assistance

Our compliance team is here to help you meet your regulatory requirements:

  • Compliance questionnaire assistance
  • Risk assessment support
  • Audit preparation and documentation
  • Custom compliance configurations
  • Regulatory change notifications

Shared Responsibility Model

Our Responsibility

  • Infrastructure security
  • Platform compliance
  • Data center controls
  • Network security
  • Identity and access management

Your Responsibility

  • Application-level security
  • Data classification
  • User access management
  • Configuration management
  • Incident response procedures

Contact Compliance Team

Have questions about our compliance programs or need assistance with your regulatory requirements?

Email: compliance@duffcloudservices.com
Phone: +1-800-DUFF-CLOUD