Secure and Reliable Performance Management

Reflektive meets or exceeds all industry-standard business data security and privacy practices to protect our customers.


Reflektive is SOC 2 Type II Compliant

Reflektive has maintained SOC 2 Type II compliance for 2 years and counting. Service Organization Controls (SOC) exist to validate a company’s controls and ensure industry standards are followed. Our SOC 2 Type II report was prepared in accordance with the Statement on Standards for Attestation Engagements No. 16 (a.k.a. SSAE 16) and documents operational policies and procedures for Reflektive’s system of internal controls.


What is the U.S.-EU Privacy Shield?

Privacy Shield is a joint certification from the U.S. Department of Commerce, European Commission, and Swiss Administration that affirms that Reflektive adheres to privacy practices that comply with EU data protection laws and Swiss data protection laws. This gives EU and Swiss companies confidence that they can allow Reflektive to store their data in US-based datacenters, and helps Reflektive avoid the cost and overhead of hosting data in the EU.

What is the GDPR?

The GDPR is a European Union regulation that establishes a new framework for handling and protecting the personal data of EU-based residents. It comes into effect on May 25, 2018.

One of the aims of the GDPR is to harmonize and bring data privacy laws across Europe up to speed with the rapid technological change in the past two decades. It builds upon the current legal framework in the European Union, including the EU Data Protection Directive in existence since 1995.

Reflektive Keeps You Secure

Data Encryption
Data in transit is protected with HTTPS and Transport Layer Security (TLS), as per industry best practices


Web Application Security
Follows industry-standard secure coding guidelines


Physical & Network Security
Hosts data in dedicated facilities with 24x7 security

Security & Compliance FAQs

How is security and privacy compliance enforced?

Reflektive is SOC 2 Type II compliant, a standard that specifies best practices and various security controls. SOC 2 is specifically designed for service providers storing customer data in the cloud. SOC 2 applies to any company storing customer data in the cloud in order to minimize risk and exposure to that data, and defines criteria for managing customer data based on five “trust service principles”: security, availability, processing integrity, confidentiality and privacy. Reflektive provides a secure environment that goes above and beyond industry security standards and guidelines.

U.S.-EU Privacy Shield certification is granted via application to the U.S. Department of Commerce. Reflektive provided evidence of its data protection practices, committed publicly to follow those practices, and was then certified. Reflektive’s status can be found on the Privacy Shield List.

How does Reflektive protect sensitive information?

Sensitive information is stored using several layers of encryption in a segmented network with no public internet access. New encryption keys are generated on a daily basis, and existing keys are rotated on a regular basis.

Does Reflektive follow standard web application development and security policies?

Reflektive application development follows industry-standard secure coding guidelines. The application is segmented by function to maintain security. Each of our software releases is tested by QA and security teams for the full scope of OWASP security risks.

How does Reflektive secure physical and network access?

Reflektive is hosted in a dedicated hosting environment with 24x7 security. Physical access to the network is strictly limited and monitored. Private networks are strictly segmented according to function. Restrictive firewalls protect communication entering the network and between private networks. All access to Reflektive’s network and services is strictly logged, and audit logs are reviewed on a regular basis. Internal and external network penetration tests are performed on a regular basis by third parties. Two-factor authentication and strong password controls are required for administrative access.

Is Reflektive GDPR compliant?

In 2018, Reflektive achieved GDPR compliance. Organizations established in the EU or employing EU-based individuals can rest assured that Reflektive is handling their personal information in accordance with the latest EU laws.

Does Reflektive maintain documentation of corporate Technical and Organizational Measures (TOMs)?

For more information about our policies and practices regarding personal information, please read the Reflektive Technical and Organizational Measures.