Compliance & Certifications
At ApexIQ, security, privacy, and compliance are foundational to our operations. We maintain industry-leading certifications and adhere to global regulatory standards to ensure the highest level of trust and data protection for our customers. This page outlines our compliance commitments, active certifications, and regulatory adherence.
1. Active Certifications
ApexIQ maintains the following industry-recognized security and privacy certifications, validated through independent third-party audits:
ISO 27001:2022
International standard for information security management systems
Valid until: March 2027
ISO 9001
Internationally recognized standard for Quality Management Systems (QMS)
Certification Reports
Our certification reports and attestations are available to customers under NDA. Contact our compliance team to request access.
2. Regional Data Protection Compliance
We maintain compliance with data protection regulations across multiple jurisdictions to protect the privacy rights of users worldwide:
GDPR - European Union
General Data Protection Regulation compliance for EU data subjects
CCPA / CPRA - United States
California Consumer Privacy Act and Privacy Rights Act compliance
HIPAA - United States
Health Insurance Portability and Accountability Act for healthcare data
UK GDPR - United Kingdom
UK Data Protection Act and UK GDPR compliance
PIPEDA - Canada
Personal Information Protection and Electronic Documents Act
Privacy Act - Australia
Australian Privacy Principles (APPs) compliance
3. Security Framework & Standards
Our security program is built on industry best practices and frameworks:
NIST Cybersecurity Framework
Aligned with NIST CSF for comprehensive cybersecurity risk management
CIS Controls
Implementation of Center for Internet Security critical security controls
OWASP Top 10
Regular assessment and mitigation of OWASP security risks
Cloud Security Alliance
Adherence to CSA Cloud Controls Matrix (CCM) for cloud security
4. Infrastructure & Cloud Compliance
ApexIQ infrastructure is hosted on world-class cloud providers that maintain their own comprehensive compliance programs:
- Amazon Web Services (AWS) - FedRAMP, PCI DSS, SOC 1/2/3, ISO 27001
- Microsoft Azure - FedRAMP High, HIPAA/HITECH, ISO 27001/27018
- Google Cloud Platform (GCP) - ISO 27001, SOC 2/3, PCI DSS Level 1
We leverage these providers' compliance certifications while maintaining our own security controls and certifications on top of the underlying infrastructure.
5. Independent Audits & Assessments
We undergo regular independent third-party audits to validate our security and compliance posture:
Annual SOC 2 Type II Audit
Conducted by qualified independent CPA firms, examining security, availability, confidentiality, and privacy controls over a 12-month period.
ISO 27001 Surveillance Audits
Annual surveillance audits by accredited certification bodies to maintain ISO 27001 certification, with full recertification every three years.
Penetration Testing
Quarterly penetration tests performed by certified ethical hackers to identify and remediate vulnerabilities.
Vulnerability Assessments
Continuous automated vulnerability scanning and monthly manual security assessments.
6. Continuous Compliance Monitoring
Our compliance program includes ongoing monitoring and improvement:
- Real-time security monitoring and incident response
- Automated compliance checks and controls validation
- Regular policy and procedure reviews and updates
- Employee security awareness training (quarterly)
- Vendor risk assessments for third-party service providers
- Internal audit program with quarterly reviews
- Executive leadership oversight through Security & Compliance Committee
7. Industry-Specific Compliance
7.1 Financial Services
- PCI DSS Level 1 Service Provider (for payment card data processing)
- SOX compliance support for financial reporting controls
- GLBA compliance for financial institution customers
7.2 Healthcare
- HIPAA Business Associate Agreement (BAA) available
- HITECH Act compliance for electronic health records
- FDA 21 CFR Part 11 support for regulated customers
7.3 Government & Public Sector
- FedRAMP In Process (planned certification 2027)
- StateRAMP compliance for state and local government
- ITAR compliance support for defense contractors
8. Data Residency & Sovereignty
We offer flexible data residency options to meet regional data sovereignty requirements:
- United States (US-East, US-West)
- European Union (Frankfurt, Ireland)
- United Kingdom (London)
- Asia Pacific (Singapore, Sydney, Tokyo)
- Canada (Montreal)
Customer data is stored and processed in the selected region, with cross-border transfers conducted in accordance with applicable data protection laws and using approved transfer mechanisms (Standard Contractual Clauses, adequacy decisions, etc.).
9. Compliance Inquiries
For questions about our compliance program, certification reports, or specific regulatory requirements:
ApexIQ Compliance & Trust Team
For any email privacy or security-related issues, please contact us at [email protected]
Note: ApexIQ is committed to maintaining the highest standards of security and compliance. This page is updated regularly to reflect our current certifications and compliance status. For the most up-to-date information or to request compliance documentation, please contact our compliance team. All certifications and compliance programs are subject to periodic renewal and assessment.
