# Compliance

ThreatDefence is committed to maintaining the highest standards of security, privacy, and compliance. Our compliance scope covers people, processes, and technology — including our ThreatDefence platform, supporting infrastructure, and 24/7 SOC operations.

***

## Global Standards and Certifications

ThreatDefence is certified and compliant with the following internationally recognised standards:

* **ISO/IEC 27001** – Information Security Management System (ISMS) certification.
* **SOC 2** – Assurance of secure systems, availability, confidentiality, and integrity.
* **PCI DSS** – Compliance for environments processing or transmitting payment data.
* **GDPR (General Data Protection Regulation)** – Alignment with EU and UK privacy regulations for processing and safeguarding personal data.
* **HIPAA (Health Insurance Portability and Accountability Act)** – Support for customers in the healthcare sector requiring healthcare data privacy and security controls.

***

## Australian Standards and Frameworks

For our Australian customers and deployments, ThreatDefence maintains strict alignment with local frameworks and regulations. Our compliance scope extends across people, processes, and technology — including the ThreatDefence 24/7 SOC and platform located in Australia:

* **ASD ISM (Information Security Manual)** – Alignment with controls mandated by the Australian Cyber Security Centre (ACSC).
* **Essential Eight** – Baseline mitigation strategies for cyber security, continuously measured and reported.
* **PSPF (Protective Security Policy Framework)** – Support for compliance with Australian Government security obligations.

***

## Audit and Assurance Support

ThreatDefence actively supports customers during internal and external audits by:

* Providing evidence and artefacts for ISO, IRAP, DISP, PCI DSS, SOC 2, HIPAA, and GDPR assessments.
* Coordinating with security officers to validate compliance requirements.

**Copies of certifications and supporting evidence can be provided to customers upon request, subject to NDA or contractual obligations.**

***

## Customer Responsibilities

While ThreatDefence provides compliance-ready services, customers are responsible for:

* Keeping escalation contact lists up to date.
* Ensuring log sources and telemetry are enabled and accessible.
* Maintaining customer-side controls such as patching, access management, and backups.
* Participating in governance and compliance reviews to validate ongoing readiness.

***

## References

* [ISO/IEC 27001 Standard](https://www.iso.org/isoiec-27001-information-security.html)
* [SOC 2 Trust Principles](https://www.aicpa.org/soc4so)
* [PCI DSS Standard](https://www.pcisecuritystandards.org/)
* [GDPR Overview](https://gdpr-info.eu/)
* [HIPAA Security Rule](https://www.hhs.gov/hipaa/for-professionals/security/index.html)
* [ASD Essential Eight](https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/essential-eight)
* [Protective Security Policy Framework](https://www.protectivesecurity.gov.au/)
