Redpoint's security standards and compliance
At Redpoint Global, we are committed to ensuring the security, privacy, and compliance of our systems and processes. Through adherence to internationally recognized standards and frameworks, we demonstrate our dedication to maintaining the trust and confidence of our clients.
ISO/IEC 27001:2022 Certified
Redpoint Global is ISO/IEC 27001:2022 certified, showcasing our robust approach to managing information security through a comprehensive Information Security Management System (ISMS).
Scope of Certification: The ISMS covers all Redpoint computer systems and facilities and applies to Executive Management, employees, contractors, and partners. Systems are hosted on Microsoft Azure, Amazon Web Services, and Google Cloud Platform, with operations based in the USA and UK, as detailed in the Redpoint Global Statement of Applicability ISO27001.
This certification reflects our adherence to international standards for identifying and mitigating information security risks, as well as maintaining continual improvement.
SOC 2 Type 2 Attestation
We have successfully completed a SOC 2 Type 2 attestation, which validates that our systems and controls align with the AICPA’s Trust Services Criteria for security, availability, and confidentiality.
Scope of Attestation: The SOC 2 Type 2 report evaluates Redpoint Global Inc.’s Customer Data Platform Services (“CDP Services”) system. It assesses the design and operating effectiveness of controls to meet the AICPA Trust Services Criteria for Security, Availability, and Confidentiality. The report also highlights the reliance on complementary sub-service organization controls necessary to achieve Redpoint’s service commitments and system requirements. A list of our sub-processors is available at Redpoint Sub-Processors.
This independent attestation provides our clients with confidence that their data is handled securely and reliably within our systems.
HIPAA-Compliant Processes
Redpoint Global implements rigorous safeguards to ensure the privacy and security of Protected Health Information (PHI) in compliance with the Health Insurance Portability and Accountability Act (HIPAA).
Scope and Objectives: Our HIPAA compliance efforts focus on the Administrative, Physical, and Technical Safeguards as outlined in the Security Final Rule, specifically for Redpoint’s CDP Services system. These include:
Administrative Safeguards: Security management processes, workforce security, information access management, security awareness and training, incident response, contingency planning, and business associate agreements.
Physical Safeguards: Facility access controls, secure workstation use, portable device controls, and workstation security.
Technical Safeguards: Audit controls, data integrity, user authentication, and secure data transmission.
Organizational Requirements: Business associate agreements (BAAs) with compliant security measures.
Policies and Procedures: Implementation of documented policies to ensure adherence to HIPAA standards and requirements.
While HIPAA does not have a formal certification mechanism, our practices are designed to meet and exceed regulatory requirements, ensuring that PHI entrusted to us is managed with the utmost care and security.
Requesting Certification or Attestation Documents
If you are an interested party requiring a copy of our ISO/IEC 27001:2022 certification, SOC 2 Type 2 attestation report, or further details on our HIPAA compliance efforts, please contact us at secure@redpointglobal.com. We will provide the requested documentation after establishing a mutual non-disclosure agreement (mNDA).
Transparency in Certification and Compliance
Redpoint Global ensures that all references to certifications and compliance accurately reflect their scope and purpose. We strictly adhere to the guidelines for the use of certification logos and marks, maintaining transparency and avoiding any misleading statements.