Compliance

PandaDoc ensures compliance with the SOC2 industry standard.

We are currently in the process of reviewing our SOC2 certification. We can provide an SSAE16 SOC2 report and attestations of compliance upon request.

PandaDoc services are hosted on the Amazon AWS platform, and this document details the ways in which we leverage the massive investments that Amazon continues to make in security to the benefit of our customers.

The AWS infrastructure has been architected to be one of the most flexible and secure cloud computing environments available today. It is designed to provide an extremely scalable, highly reliable platform that enables applications and data to be deployed quickly and securely.

AWS computing environments are continuously audited, with certifications from accreditation bodies across geographies and verticals, including ISO 27001, FedRAMP, DoD CSM, and PCI DSS. Additionally, AWS has assurance programs that provide templates and control mappings to help establish the compliance of environments running on AWS against 20+ standards, including the CESG (UK) and Singapore Multi-tier Cloud Security (MTCS) standards.

AWS is also fully compliant with applicable EU data protection laws, and the AWS Data Processing Agreement incorporates the Article 29 Working Party Model Clauses. This means that the transfer of personal data in AWS from the European Economic Area (EEA) to other countries will be given the same high level of protection it receives in the EEA.

In a traditional data center, common compliance activities are often manual, periodic activities. These activities include verifying asset configurations and reporting on administrative activities. Moreover, the resulting reports are out of date before they are even published. Operating in an AWS environment allows us to take advantage of embedded, automated tools like AWS Config and AWS CloudTrail for validating compliance. These tools reduce the effort needed to perform audits, since these tasks become routine, ongoing, and automated. By spending less time on manual activities, we can help evolve the role of compliance in our company from a necessary administrative burden to a function that manages our risk and improves our security posture.