Trust center

Privacy and security are important to us. So is transparency.

Our Trust Center is your guide to how we collect, use, and protect data. If you have any questions that aren’t answered here, please reach out.
Contact us

Audits & Governance

We are committed to maintaining high standards of data security and privacy for our customers. To achieve this, we have adopted the Secure Controls Framework (SCF)'s integrated controls model. This framework provides a comprehensive set of controls that cover all aspects of our operations, including data security, privacy, governance, risk management, and compliance.

ISO 27001

ISO 27001 is a globally recognized standard for the establishment and certification of an information security management system (ISMS). Our entire information security program is built on the ISO 27001 framework and we are audited annually.

  • ISO 27001 certificate
  • ISO 27001 report

SOC 2 Type 2

Suzy undergoes a SOC 2 Type 2 examination of our security controls against the AICPA defined standards on an annual basis with a third party audit firm to ensure the security of our platform.

  • SOC 2, Type II report

ISO 27701

ISO 27701 is a globally recognized standard for the establishment and certification of a privacy information management system (PIMS) that builds on ISO 27001. Our privacy program is built on the ISO 27701 framework.

  • ISO 27701 certificate
  • ISO 27701 report

ISO 42001

ISO 42001 is a globally recognized standard for the establishment and certification of an Artificial Intelligence Management System (AIMS). Our AI governance program is built on the Secure Controls Framework with cross-walk to the ISO 42001 framework, and we are audited annually against ISO 42001 standards.

  • ISO 42001 certificate

Security

We’re built with a secure foundation and designed with robust compliance features.

Suzy Security Statement
Access control (authentication and authorization)
Data encryption at rest and in transit
Transport Layer Security (TLS) encryption (also known as HTTPS) for all transmitted data
Services hosted by trusted data centers that are independently audited using the industry standard SSAE-18 method
Continuous network and security monitoring
Vulnerability management
Incident response and recovery
Security awareness training
Periodic independent 3rd-party security reviews and penetration testing

Status

Suzy's status page for real-time and historical data on system performance.

View Status

Access our Trust Portal

Need to vet our compliance posture for your RFP or 3rd party risk management process? Visit our Trust Portal for access to an in-depth overview of our product security, our privacy and data protection measures, and supporting documentation for our compliance posture.

trust.suzy.com