Security & Compliance

Frictionless Login. Zero-Trust Control. Certified Assurance.

Credenti secures access across desktops, mobile, and offline environments with passwordless authentication, phishing-resistant MFA, and support for GDPR, HIPAA, SOC 2, and more—tailored to the needs of highly regulated organizations.

Our Security Commitment

  • End-to-End Encryption: AES-256 encryption for data at rest and TLS 1.2+ with certificate pinning for data in transit.
  • Tenant Isolation: Each customer’s data is protected with HSM-backed keys and isolated encryption domains.
  • PII Protection: Controls like data minimization, access logging, and policy-bound access enforce the safeguarding of personally identifiable information (PII).
  • Phishing-Resistant Authentication: Enforced device-bound FIDO2 passkeys and biometrics for secure user verification.
  • Fallback Without Phones: Enable MFA via smartcards, desktop prompts, or policy-based methods—no phones or tokens required.
  • Secrets & Key Management: Secrets are managed via AWS KMS or HashiCorp Vault with Kubernetes-native lifecycle enforcement and policy-controlled access.
  • Real-Time Threat Detection: Behavioral monitoring and continuous diagnostics to detect anomalies and enforce policy at runtime.
  • Zero Trust Enforcement: Fine-grained policy rules enforce least privilege access and step-up authentication where needed.

Security Certifications for Identity Compliance

SOC 1 Type II

Assures internal controls over financial reporting are independently audited and validated. Credenti supports this by implementing strict access control, audit logging, and role-based delegation across its administrative features.

Please use this link to download a copy of the SOC 1 summary report. Customers can request a full report on controls from their CSM or sales contact.

SOC 2 Type II

Confirms controls for security, availability, and confidentiality are in place and operating effectively. Credenti enforces these principles through encrypted data flows, continuous monitoring, and tenant-level isolation.

Please use this link to download a copy of the SOC 2 summary report. Customers can request a full report on controls from their CSM or sales contact.

Compliance Standards We Support

Sarbanes–Oxley (SOX):

Credenti supports SOX compliance by enforcing strong access controls, detailed audit logging, and user accountability aligned with financial reporting integrity requirements.

PCI DSS:

Credenti enables PCI DSS compliance by securing access to systems handling payment data with multi-factor authentication, strong encryption, and detailed access logs.

GDPR:

Credenti supports GDPR compliance by helping organizations protect personally identifiable information (PII) through data minimization, user consent management, and audit-ready access logs for all user interactions.

NIST 800-63B:

Credenti implements identity assurance levels and secure authentication guidelines including phishing-resistant MFA as defined by NIST 800-63B.

HIPAA:

Credenti enforces HIPAA requirements with secure login workflows, audit trails, and access controls for electronic protected health information (ePHI).

CCPA:

Credenti enables CCPA compliance by facilitating user rights such as data access, deletion, and transparency around identity authentication and data usage.

NIS2 Directive:

Credenti supports identity-focused NIS2 requirements with access governance and zero-trust enforcement for critical infrastructure providers.

PSD2:

Credenti helps financial services meet PSD2 Strong Customer Authentication (SCA) mandates with multi-factor login flows and secure device-bound authentication methods.

FDA 21 CFR Part 11:

Supports compliance for electronic records and digital signatures in life sciences and healthcare environments. Credenti enables biometric authentication, timestamped audit trails, and user accountability for all actions.

Compliance-Ready Deployment Options

  • SaaS (AWS): Hosted in U.S. and EU regions with AWS-native security, monitoring, and regional compliance support
  • Private Cloud: Region-specific hosting with dedicated KMS and IAM
  • On-Premise: Offline or air-gapped deployments for classified or sensitive data
  • Org-level Isolation: Credenti supports isolated environments for sub-organizations, departments, or agencies, enabling strict separation of identity and access policies within a shared infrastructure.

Security Documents & Policies

External Testing & Controls

  • Annual penetration tests by certified third-party firms
  • SAST/DAST scans for code and application layers
  • Audit trails for all authentication and policy events
  • Immutable logs exportable to SIEM platforms