Industry and Regulation Compliance

ConnectWise is routinely and thoroughly audited by independent third-party organizations to ensure our products and practices comply with global and regional regulations and standards.

System and Organization Controls (SOC) 3

SOC 3 is a report, like the SOC 2, on a service organization’s controls relevant to security, availability, processing integrity, confidentiality, or privacy. However, a SOC 3 can be distributed for general use and only states whether or not the entity has achieved the Trust Service criteria, without any description of tests, results or opinions.

ConnectWise Services have been assessed using the criteria set forth in paragraph 1.26 of the American Institute of Certified Public Accountants (AICPA) Guide Reporting on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy (SOC 2®) for the suitability of the design and operating effectiveness for the security, availability, and confidentiality principles. The SOC 3 general use report for whether or not the Trust Service criteria were achieved is available for the following services:

System and Organization Controls (SOC) 2

SOC 2 is a report on a service organization’s controls relevant to security, availability, processing integrity, confidentiality, or privacy using up to five trust principles. A given SOC 2 report may be based on one or more trust principles.  

ConnectWise Services and Offerings have been assessed using the criteria set forth in paragraph 1.26 of the American Institute of Certified Public Accountants (AICPA) Guide Reporting on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy (SOC 2®) for the suitability of the design and operating effectiveness for the security, availability, and confidentiality principles. 

To request a specific report for one of our offerings, please email Compliance@ConnectWise.com. For current partners to request a bridge letter on a covered offering, please email Compliance@ConnectWise.com.

  • ConnectWise RMM
  • ConnectWise Automate
  • Brightgauge, a ConnectWise Solution
  • ConnectWise Cybersecurity Management
  • ConnectWise ScreenConnect™
  • ConnectWise Identify
  • ConnectWise BCDR
  • ConnectWise PSA
  • ConnectWise CPQ
  • ITBoost, a ConnectWise Solution

International Standards Organization and Cloud Security Alliance

The International Organization for Standardization (ISO®) publishes various certification standards. ISO provides standards and guidance for cybersecurity, data protection, artificial intelligence, quality and environmental compliance, to name but a few. Organizations can certify against these standards through independent third-party audits. Further assurances can be provided by the Cloud Security Alliance based on ISO 27001 (cybersecurity) and ISO 27701 (data protection) certification and SOC 2 assurance reports.

The ConnectWise Cloud Backup (formerly SkyKick Cloud Backup) and ConnectWise SAAS Security (formerly SkyKick Security Manager) services, which were acquired by ConnectWise from SkyKick in September 2024, have been certified against the following standards: ISO 27001:2013, ISO 27701:2019 and Cloud Security Alliance STAR level 2 certification.

To request a copy of the ISO 27001, ISO 27701 and CSA STAR level 2 certifications for ConnectWise Cloud Backup and ConnectWise SAAS Security offerings, please email Compliance@ConnectWise.com.

Health Insurance Portability and Accountability Act (HIPAA)

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is US legislation that provides data privacy and security provisions for safeguarding Protected Health Information (PHI). HIPAA applies to covered entities and business associates. 

The HIPAA Security Rule establishes national standards to protect individuals’ electronic personal health information that is created, received, used, or maintained by a covered entity. The Security Rule requires appropriate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of PHI. The HIPAA Breach Notification Rule requires covered entities and their business associates to provide notification following a breach of unsecured PHI. By law, the Privacy Rule applies only to covered entities (e.g., health plans, healthcare clearinghouses, and certain healthcare providers). However, parts may be applicable to business associates. 

To request a business associate agreement (BAA) for one of our offerings, please email Compliance@ConnectWise.com.

ConnectWise has successfully completed third-party HIPAA assessments for the following services and offerings:

  • ConnectWise RMM
  • ConnectWise Automate
  • Brightgauge, a ConnectWise Solution
  • ConnectWise Cybersecurity Management
  • ConnectWise ScreenConnect™
  • ConnectWise Identify
  • ConnectWise BCDR
  • ConnectWise PSA
  • ConnectWise CPQ
  • ITBoost, a ConnectWise Solution

Privacy Shield

We are members of the EU-US and Swiss-US Privacy Shield Framework with respect to processing personal data on behalf of our customers established in the European Union and Switzerland.

Data Privacy Framework Program

The EU-U.S. DPF, UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF were respectively developed by the U.S. Department of Commerce and the European Commission, UK Government, and Swiss Federal Administration to provide U.S. organizations with reliable mechanisms for personal data transfers to the United States from the European Union, United Kingdom, and Switzerland while ensuring data protection that is consistent with EU, UK, and Swiss law.

ConnectWise has certified compliance under the Data Privacy Framework and the Data Privacy Framework Principles, and the commitments they entail, but does not rely solely on it for data transfers to the United States. Please consult the data processing addendum for more details on this.

General Data Protection Regulation (GDPR) and other privacy regulations

We have made information security and data privacy foundational principles of everything we do, and we recognize the importance of passing regulations to advance information security and data privacy for citizens of the EU and elsewhere in the world. By designing products with privacy and security in mind, we are able to provide you with products that help you meet various aspects of these compliance regimes and to support you in creating a more secure environment.

ConnectWise Cloud Backup (formerly SkyKick Cloud Backup) and ConnectWise SAAS Security (formerly SkyKick Security Manager) are also verified for their GDPR compliance by Scope Europe on an annual basis for their adherence to the Data Pro Code.

Standardized Information Gathering Questionnaire 

ConnectWise is a member of Shared Assessments, an industry group focused on standardizing the risk assessment and compliance gathering activities used by companies across all industries. We utilize the standard information gathering tool created and maintained by Shared Assessments. The SIG is a comprehensive set of standard questions used to assess third-party and vendor risk. It is updated every year in order to keep up with the ever-changing risk environment and priorities, and ConnectWise updates the information within our SIG regularly. Learn about the regulations, standards and guidelines to which the SIG maps here.

To request a copy of ConnectWise’s SIG, please email Compliance@ConnectWise.com.