We safeguard your data in FirmRoom

Minimize risk, protect sensitive data and be compliant

We Prioritize Software Security and Compliance

Data security and compliance we follow

Compliant and compatible with the Health Insurance Portability & Accountability Act of 1966, requiring many safeguards including technical, physical, and administrative. Verified at the highest levels of HIPAA’s privacy, security and breach notification tests.


Compliant with Service Organization Controls standards for the secure handling of information within a service organization. FirmRoom’s data centers are SOC2/3 certified, which ensures that the system is protected against unauthorized changes or modification, and is available for operation and use as agreed.

Powered by AWS

FirmRoom data centers (handled by Amazon AWS) are state of the art, utilizing innovative architectural and engineering approaches. Amazon has many years of experience in designing, operating and constructing large-scale data centers. This experience has been applied to the AWS platform and infrastructure.


FirmRoom is FINRA compliant. FINRA is a non-governmental agency that provides regulatory services for the financial industry and is overseen by the SEC. It helps to manage and minimize risks and to resolve disputes.


FirmRoom is SEC compliant. The SEC is a government agency that oversees activities of financial professionals, securities transactions, and mutual fund trading to prevent fraud and intentional deception.

ISO 27001 Certified

FirmRoom protects all data digitally and physically under uncompromising international standards and accreditations. All FirmRoom information is securely hosted on ISO 27001 certified servers to ensure security, accessibility and privacy of data.

GDPR Compliant
PCI SAQ-D Compliant
FISMA Compliant
EU-US Privacy Shield Compliant

Software Security

Servers and networking

All servers that run FirmRoom software in production are recent, continuously patched Linux systems. Additional hosted services that we utilize, such as Amazon RDS, S3 and others, are comprehensively hardened AWS infrastructure-as-a-service (IaaS) platforms.


FirmRoom stores document data (metadata, activity, original files, and customers’ data) in different locations, and compiles and generates documents on the fly when requested. All data in each location is encrypted at rest with AES-128 and sophisticated encryption key management.

Payment information

FirmRoom uses external secure payment processing (Level 1 PCI) and does not store any credit card information. Simply put in your credit card information and have your room up and running within minutes.

Service levels

FirmRoom infrastructure utilizes many layered techniques for increasingly reliable uptime, including the use of auto-scaling, load balancing, task queues, and rolling deployments. We do full daily automated backups of our databases. All backups are encrypted.

Operation and

System performance and information security are continuously monitored by our team of highly skilled engineers. This ensures that all incidents will be handled in a timely manner by trained personnel and properly documented.

System monitoring and alerting

At FirmRoom, the production application and underlying infrastructure components are monitored 24/7 by dedicated monitoring systems. Critical alerts generated by these systems are sent to on-call team members and escalated appropriately to operations management.

Data Security
