Trust Center
Security and compliance are foundational to Ataccama. Our products and operations are designed from the ground up to meet rigorous industry standards, demonstrated by our ISO 27001 and ISO 9001 certifications, and our annual independent SOC 2 Type II assessments. Through transparent global operations, robust cloud security architecture, and responsible AI practices, we protect your data, maintain your trust, and empower you to leverage your data confidently.
Audits and certifications

Ataccama’s Information Security Management System (ISMS) is certified to ISO 27001:2022, the internationally recognized standard for managing information security. This certification demonstrates our commitment to protecting customer data through rigorous security controls, policies, and procedures designed to mitigate risks across people, processes, and technology.

Our Quality Management System (QMS) is certified to ISO 9001:2015, the leading global standard for quality assurance. This framework ensures that Ataccama consistently delivers high-quality products and services, driven by continuous improvement and customer satisfaction.

Ataccama undergoes an annual SOC 1 Type II audit conducted by an independent third-party firm to assess the design and operational effectiveness of controls over financial reporting (ICFR). This report evaluates the controls relevant to customers' financial reporting needs across Ataccama's global operations, including our Ataccama ONE platform and associated services. The scope covers security, access management, risk mitigation, incident response, and change management processes.

Ataccama undergoes an annual SOC 2 Type II audit, conducted by an independent third-party auditor, to assess the design and operational effectiveness of our controls. This audit evaluates our adherence to the AICPA Trust Services Criteria for security, availability, confidentiality, processing integrity, and privacy, including HIPAA-related controls. The report provides assurance that Ataccama maintains high standards for data protection, risk management, and compliance across our global operations.
Compliance

Ataccama participates in the EcoVadis sustainability assessment, a globally recognized evaluation of corporate performance across key areas including environment, labor and human rights, ethics, and sustainable procurement. This demonstrates our ongoing commitment to responsible business practices and continuous improvement in ESG (Environmental, Social, and Governance) criteria. Our latest EcoVadis sustainability scorecard is available upon request. Please reach out to your Ataccama sales representative for access.

Ataccama aligns with HIPAA requirements to protect Personal Health Information (PHI) under US healthcare regulations. Our SOC 2 Type II audit includes controls mapped to HIPAA security and privacy rules, verifying that we safeguard PHI through robust administrative, physical, and technical measures. This ensures that Ataccama can support clients in regulated industries with stringent privacy obligations.

Ataccama aligns with the Digital Operational Resilience Act (DORA) to support financial institutions in meeting ICT risk management and operational resilience requirements under EU regulation. Our SOC 2 Type II and ISO 27001 certifications include controls that reflect DORA expectations, such as incident reporting, business continuity, and third-party risk management. We provide audit-ready processes, transparent ICT practices, and secure data governance through our Ataccama ONE platform, ensuring that financial entities can confidently rely on our services as part of their digital resilience strategies.

Ataccama complies with the California Consumer Privacy Act (CCPA), ensuring transparency and control over the personal information of California residents. We uphold core CCPA principles such as the right to access, delete, and opt out of the sale of personal data. These practices reflect Ataccama’s commitment to respecting consumer privacy rights and supporting responsible data governance under U.S. state privacy regulations.

Ataccama adheres to the General Data Protection Regulation (GDPR), ensuring the protection and privacy of personal data for individuals in the European Union. Our SOC 2 Type II audit includes an independent assessment of controls aligned with GDPR requirements, covering data minimization, access restrictions, transparency, and secure data disposal practices. This provides assurance that Ataccama implements robust measures to safeguard personal data in accordance with global privacy standards.
Ataccama Cloud
Additional documents
FAQ
We take a proactive, risk-based approach to security, privacy, and compliance across all areas of our business. Our internal processes are aligned with industry best practices and continuously evolving to meet customer and regulatory expectations.
We implement a combination of technical and organizational measures to ensure the confidentiality, integrity, and availability of customer data across our systems and operations.
Ataccama performs annual independent audits (SOC 2 Type II, ISO 27001, ISO 9001) and conducts continuous vulnerability scans, regular penetration tests, and security patching as part of our vulnerability management program.
Certifications (ISO 27001, ISO 9001) and publicly shareable compliance documents are directly accessible from our Trust Center. Confidential documents, such as our SOC 1/SOC 2 Type II reports, are available upon request through your Ataccama representative.