How We Protect Your Data
In this article, we describe how we protect your data.
ISO/IEC 27001 Certified Information Security
SGS Digicomply has been ISO/IEC 27001 certified since September 2021. This certification demonstrates our ongoing commitment to maintaining the highest standards of information security management and safeguarding the data entrusted to us by our clients.
Our Security Commitment
We process millions of data records from diverse sources across the consumer packaged goods industry. Our platform is trusted by leading compliance, quality, and safety teams worldwide to analyze documents, generate insights, create reports, and securely store business-critical information.
We understand that your regulatory compliance data is sensitive and mission-critical. That's why security is built into every layer of our infrastructure and operations.
Infrastructure Security
Google Cloud Platform Foundation
All client data is stored on Google Cloud Platform (GCP), where it benefits from enterprise-grade encryption and security controls. Access to data is restricted exclusively to authorized personnel. Our infrastructure administrators receive regular security updates through the Google Security Bulletin to maintain current protection standards.
Technical Infrastructure Details:
- Standalone VMs: Used primarily for development purposes, isolated from our production cluster network. These are manually updated based on usage requirements and version compatibility.
- Cluster Management: Production services run on GCP with node auto-upgrade enabled, ensuring automatic security patches through rolling updates without service disruption.
- Containerization: All application services are containerized using Docker. We prohibit manual installation of services directly on virtual machines. Only official, security-vetted Docker images are used as base images, following our strict security protocols.
Data Protection Standards
Environment Isolation
Development and test environments are completely isolated from production systems. Client data is never used for development purposes or model training. Our developers are not allowed to store client data on local development machines, ensuring your information remains within secure, controlled environments.
Data at Rest
All data stored on our platform is encrypted on disk within Google Cloud Platform's infrastructure, providing protection against unauthorized physical access.
Data in Transit
All publicly accessible services are available exclusively over HTTPS—the use of unencrypted HTTP is strictly prohibited. Our servers utilize TLS 1.3 for secure communication, ensuring your data is protected during transmission.
Ongoing Security Validation
Penetration Testing
Independent security professionals carry out comprehensive penetration tests for us every two years. We have maintained this testing cycle since our initial ISO/IEC 27001 certification in 2021.
Continuous Vulnerability Monitoring
Security is not a one-time effort. We perform vulnerability scans and static code analysis after every change merged to our master branch, ensuring that new code deployments maintain our security standards before reaching production.
For specific questions about our security measures or additional documentation regarding compliance requirements, please contact our support team at digicomply.support@digicomply.com.