The products you trust – with new unified names. Certify is becoming Emburse Professional. Learn more

  1. company
  2. Security and compliance

Two employees examining Certify security and compliance

Security and compliance

Emburse Certify uses a variety of security technologies and procedures to help protect your personal information from unauthorized access, use, or disclosure. When you enter sensitive information (such as a credit card numbers) on our order forms, we encrypt the transmission of that information using secure socket layer technology (SSL). You are also required to use a password to securely access your account.

GDPR logo

General Data Protection Regulation (GDPR)

In May 2018, the EU General Data Protection Regulation (GDPR) will replace the existing 1995 EU Data Protection Directive (European Directive 95/46/EC).

Controlscan PCI Compliance

Controlscan PCI Compliance

Certify is a Level 1 Compliant PCI Service Provider. Certify partners with ControlScan for quarterly and annual PCI compliance certification. ControlScan is a highly respected, trusted payment security and compliance firm. ControlScan is an Approved Scanning Vendor and a Qualified Security Assessor of the PCI Security Standards Council.

Service Organizationn Control (SOC) Reports

Service Organizationn Control (SOC) Reports

Certify has successfully completed its Service Organization Controls (SOC) Type 2 examination. The examination, conducted by independent accounting and auditing firm BerryDunn, evaluated the processes, procedures and controls for security, availability and confidentiality of Certify.

EU-U.S Privacy Shield  SWISS-US Privacy Shield

EU-U.S Privacy Shield SWISS-US Privacy Shield

Certify participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework. Certify is committed to subjecting all personal data received from European Union (EU) member countries, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. This new framework replaced the U.S.-EU Safe Harbor Framework that was invalidated in October 2015. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List.

AWS Certified Data Centers

AWS Certified Data Centers

Certify utilizes Amazon Web Services (AWS) for on-demand cloud computing to provide the most reliable and secure service available. AWS offers 210 security, compliance, and governance services and key features which is about 40 more than the next largest cloud provider. AWS also supports 89 security standards and compliance certifications including PCI-DSS, HIPAA/HITECH, FedRAMP, GDPR, FIPS 140-2, and NIST 800-171, which is meaningfully more than any other cloud provider. AWS offers encryption across 116 different AWS services which is 3x more than any major cloud provider.

Symantec Extended Validation SSL

Symantec Extended Validation SSL

Certify uses Symantec SSL certificates. Symantec’s Extended Validation SSL certificates are used for transport layer encryption throughout Certify. Our certificates use 2048-bit public keys, in compliance with the latest PCI DSS 3.1 requirements.

VeriSign Weekly Vulnerability Assessment

VeriSign Weekly Vulnerability Assessment

VeriSign’s weekly vulnerability assessment tests check Certify for known problems that impact security. We ensure every test returns zero critical findings and zero informational findings.

ControlScan Application Penetration Testing

ControlScan Application Penetration Testing

Certify partners with ControlScan for annual authenticated (gray box) web application assessment that includes penetration and vulnerability testing. All findings are reported, mitigated and validated.

Physician Payments Sunshine Act logo

Physician Payments Sunshine Act

Stay in compliance with the Sunshine Act automatically thanks to Certify. Interact with your colleagues in healthcare with confidence and peace of mind.