Select Page

Compliance and certificationsAlways Secure, Certainly Compliant

Communication processes used by international companies are facing increasingly stringent compliance requirements. With Retarus’ Enterprise Cloud it’s easy for you to comply with internal policies and external regulations, consistently and company-wide.

Complete Protection from the Cloud

With us, your data remains available, intact, and confidential – anywhere in the world. To ensure this, Retarus uses a security framework and an information security management system (ISMS) audited according to ISAE 3000 SOC2 Type II and certified in accordance with DIN EN ISO/IEC 27001:2017. This allows us to support you in your compliance with your international standards and individual control sets, regardless of which Retarus Cloud Service you use.

Made in Europe

IT Security Made in Europe

Teilnehmer der Allianz für Cyber-Sicherheit

Retarus Cloud Services: Internationally Compliant.

  • ISAE 3402 (SOC1) Type II
  • ISAE 3000 (SOC2) Type II
  • ISO 27001 (DIN EN ISO/IEC 27001:2017)
  • HIPAA
  • DSGVO/GDPR/Bundesdatenschutzgesetz
  • PCI-DSS
  • TISAX
  • TX-RAMP
  • FSQS-NL
  • ENS

We consider the data of our employees and business partners to be valuable property and protect it globally, while considering all locally applicable laws and regulations. We consistently comply with all relevant data privacy regulations and commit ourselves to handling confidential information with great care.

Retarus Code of Conduct

Signed and Sealed

With Retarus Cloud Services you can be sure that you are in compliance with all relevant regulations. The internal control system ensures that your business-critical data and information receives the highest level of protection in accordance with ISAE 3402. Furthermore, Retarus is PCI DSS Level 2 verified, ENS certified, and supports industry standards such as TISAX. As a European company, we fully comply with the GDPR. In addition, our Security Framework includes best practices from the ISO 27000 series, as well as the IT basic protections of the German Federal Office for Information Security (BSI).

AICPA certificate
PCI DSS compliance
Certificación de conformidad con el ENS
TISAX
HIPAA certificate
CSA Certified Senders Alliance
CSA Certified Senders Alliance
FSQS-NL Certification Logo
TX-Ramp Certification Logo
KPMG certificate
HIPAA and others

Particularly important for the United States of America health care system are the regulations put forth by HIPAA and HITECH Act, as well as industry standards such as HL7. They stipulate the highest level of sensitivity when handling confidential patient and health care data.

TISAX
Retarus successfully completed the TISAX Audit for Information Processing with “high protection standards” for the automotive industry. TISAX is meant to ensure that all participants in the automotive value chain are at a comparable IT security level. A significant advantage for manufacturers and suppliers is that they no longer have to audit certified service providers anymore.
ISAE 3402 / SSAE 18 / SOC 1
ISAE 3402 (also SSAE 18 or SOC 1) is an internationally recognized auditing standard that verifies the security and, above all, effectiveness of a company’s control system. Retarus’ internal control system meets the relevant requirements and ensures that a sustained high level of quality and protection when handling business-critical information is in place. A well-known auditing company regularly audits all relevant processes.
ISAE 3000 / SSAE 18 / SOC 2
SOC 2 certifies the security, availability, and process integrity of the solutions offered by Software-as-a-Service (SaaS) providers. Retarus Cloud Services for fax and email are continuously examined at our data center locations in Germany (Munich and Frankfurt), Asia (Singapore), and the USA (Ashburn and Secaucus) according to SOC 2 Type II.
ISO/IEC 27001
The international standard ISO/IEC 27001 specifies the requirements for setting up, implementing, maintaining, and continuously improving a documented information security management system (ISMS), taking into account the context of an organization. The standard has also been published as a DIN standard and is part of the ISO/IEC 27000 family of standards (ISO27K). The scope of Retarus‘ certificate covers the development and operation of our services in Munich and the data center at the same location.
PCI-DSS
PCI DSS (Payment Card Industry Data Security Standard) is a security standard for the careful and secure handling of payment data. Retarus complies with this standard.
TX-RAMP

The Texas Risk and Authorization Management Program provides a standardized approach for security assessment, certification, and continuous monitoring of cloud computing services that process the data of Texas state agencies.

See certificate

FSQS-NL

FSQS-NL (Financial Services Qualification System-Netherlands) is a community of financial institutions including banks, building societies, insurance companies and investment services, collaborating to agree a single standard for managing the increasing complexity of third and fourth-party information needed to demonstrate compliance to regulators, policies and governance controls. FSQS-NL is supported by ABN-AMRO and others in the industry.

See certificate

Read more
United States of America HIPAA

US-ASH and US-SEC:*

  • HIPAA
  • ISO 27001
  • NIST 800-53/FISMA
  • PCI-DSS
  • SOC 1 Type II
  • SOC 2 Type II
  • TX-RAMP
Singapore Data Protection Act 2012 PDPA

SG-SGP:*

  • HIPAA
  • ISO 27001
  • NIST 800-53/FISMA
  • PCI DSS
  • SOC 1 Type II
  • SOC 2 Type II
Germany Federal Data Protection Act (GDPR)

DE-FRA:*

  • ISO 27001
  • ISO 22301
  • PCI-DSS
  • SOC 1 Type II
  • SOC 2 Type II
  • FSQS-NL
  • ENS

DE-MUC:

  • SOC 1 Type II
  • SOC 2 Type II
  • PCI-DSS Level 2
  • FSQS-NL
  • ENS
Switzerland Federal Law on Data Protection (DPA)

CH-ZRH:*

  • ISO 27001
  • ISO 50001
  • SOC 1 Type II
  • SOC 2 Type II

*) Additional certificates/attestation provided by the selected colocation provider

Individually Auditable

You can check the Retarus Security Framework at any time if you require special certifications for compliance. Your auditors will receive personal access to our data centers and information about the relevant processes.

Demonstrably sustainable

ESG (Environmental, Social and Governance) is a topic everyone is currently talking about – and that's just how it should be. Retarus has always made a substantial effort when it comes to responsibility and sustainability, and can back this up with the requisite evidence. In its universal sustainability rankings, for instance, Ecovadis has attested to Retarus' efforts by rating the company amongst the top 22 percent of organizations in the computer programming, consulting and related activities sector. In addition, Retarus' sustainability profile at Integrity Next provides a lot more detailed information on the topic. Retarus passed the mandatory energy audit in accordance with DIN EN 16247-1:2012 in October 2022 with an excellent result.

EcoVadis logo
Integrity Next logo

Do We Meet Your Requirements? Take a Look Now!

This Retarus site doesn't match your location

Based on your location, we think you may prefer the United States website, where you'll get regional content and offerings. If you are looking for our complete product portfolio, please continue with the Global website.

United States

Global website