Liquid Web takes security and compliance seriously. Our commitment to these efforts ensures that anyone choosing Liquid Web can do so with complete confidence.
Below is a list of the certifications that we have earned regarding data and data center security.
SOC 3 Report
In addition to issuing a SOC 2 SSAE 16 report for our clients who may be concerned about our controls regarding their financial statement reporting, Liquid Web also engaged our independent CPA firm to perform a review in order to produce a SOC 3 report. The SOC 3 report offers a slightly more streamlined level of reporting. Our SOC 3 report was produced to address risks related to IT in critical areas including:
- Security: The system is protected, both logically and physically, against unauthorized access
- Availability: The system is available for operation and use as committed or agreed to.
EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework
Liquid Web complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce. The collection, use, and retention of personal information transferred from European Union and Switzerland to the United States follows those regulations. Liquid Web has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/participant?id=a2zt0000000L1QYAA0&status=Active.
HIPAA Compliant Solutions/HiTech
Liquid Web has been validated by an independent auditing firm and confirmed that our managed dedicated, and cloud dedicated solutions are compliant with HIPAA security and privacy guidelines including administrative, physical and technical safeguard measures.
PCI - AOC
The Attestation of Compliance Report (AOC) is a summary of the Report on Compliance (ROC) that is produced during onsite PCI DSS assessments. The AOC is effectively a summary of ROC indicating controls have been meet to meet the requirements of PCI DSS.
General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR EU 2016/679), which replaces the EU Data Protection Directive (known as Directive 95/46/EC), is a European privacy law. The aim of GDPR is to strengthen data privacy and protection for individuals within the European Union (EU) as well as the transfer of EU personal data outside of the EU. It became enforceable on May 25, 2018.
Liquid Web complies with EU data protection laws regarding the international transfer of data. Specifically, Liquid Web self-certifies under the EU-US Privacy Shield and the Swiss-US Privacy Shield which address the transfer of data from the EU and Switzerland to the US. Liquid Web also offers the EU Standard Contractual Clauses to meet the data security requirements for its EU customers.
Liquid Web customers can download a signed DPA at https://manage.liquidweb.com/manage/account/#policies.
View a list of Liquid Web Sub-Processors at https://www.staging.liquidweb.com/about-us/policies/sub-processor-list/