Zact Certifications and Accreditations

Zact is committed to building trust with our customers by aligning our privacy practices with industry-standard certifications and accreditations. To that end, we have maintained current certifications in the following:

SOC 1 Types I and II: since 2020
SOC 2 Types I and II: since 2020
PCI DSS: since 2020
GDPR: expected 12/2021
CCPA: expected 12/2021


Zact understands how valuable customer data is and what it takes to keep it safe and protected. This extensive list of certifications is a testament to our dedication to data security and privacy. Consider what it implies if your vendor doesn’t offer these certifications at all: a serious risk that you need to weigh during any due diligence analysis. Strictly speaking, there’s no requirement for any vendor to pass these tests; clients and prospects must insist upon it.


What do these certifications mean?

SOC 1
Service Organization Control 1 (SOC 1) is designed for financial transaction processing. It is primarily used to validate controls over the completeness and accuracy of monetary transactions and financial statement reporting. Type I tests controls at a point in time and Type II tests them over a period of time.
SOC 2
SOC 2 is designed to certify the security, processing integrity, availability, confidentiality, and/or privacy of hosted systems and the data they store or process. Service organizations are held to a standardized set of controls criteria for each of the principles covered in their report. Type I tests controls at a point in time and Type II tests them over a period of time.
PCI DSS
The Payment Card Industry Data Security Standard (PCI DSS) is a requirements framework which aims to ensure secure payment card transactions by reducing fraud and data breaches across the entire payment ecosystem. It is applicable to any organization that accepts or processes payment cards and is recognized as the global standard for securing cardholder data.
GDPR
The General Data Protection Regulation (GDPR) is an EU regulation on data protection and privacy. It also addresses the transfer of personal data outside the EU. The GDPR's primary aim is to give individuals control over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
CCPA
The California Consumer Privacy Act (CCPA) is a state statute intended to enhance privacy rights and consumer protection for residents of California, United States. It regulates how businesses all over the world are allowed to handle the personal information of California residents. It allows any California consumer to demand to see all the information a company has saved on them, as well as a full list of all the third parties that data is shared with.