Compliance and Certifications


SOC for Service Organizations reports is designed to help service organizations that provide services to other entities, build trust and confidence in the service performed and controls related to the services through a report by an independent CPA. SOC 2 controls are evaluated at a Service Organization that is relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy related to systems the service organization uses to process users’ data and the confidentiality and privacy of the information processed by these systems.

How to request a SOC2 report

Privacy Shield

The EU-U.S. and Swiss-U.S. Privacy Shield Frameworks were designed by the U.S. Department of Commerce, and the European Commission and Swiss Administration, respectively, to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce. OPSWAT makes the public commitment to comply with the Framework’s requirements. The Privacy Shield commitment is enforceable under U.S. law.

Cyber Essentials Certificate of Assurance

Cyber Essentials is a Government-backed, industry-supported scheme to help organisations protect themselves against common online threats. The UK Government requires all suppliers bidding for contracts involving the handling of certain sensitive and personal information to be certified against the Cyber Essentials scheme. OPSWAT is certified in Cyber Essentials.

Good Software

Good Software is a Korean based software certification. OPSWAT has received the Good Software Certification based on testing and evaluation of OPSWAT products with established international standards including functionality, usability, efficiency, reliability, portability, maintainability, indication, and identification.

IASME Governance Standard GDPR Certificate of Assurance

Closely related to Cyber Essentials, it is a Government-backed, industry-supported scheme to help organisations protect themselves against common online threats. As Cyber Essentials focuses on key technical controls, GDPR requires more than Cyber Essentials on its own. By attaining the IASME Governance Standard certification which includes the GDPR requirements, OPSWAT has demonstrated that it has a wider governance system for the management of the controls protecting personal data. The IASME governance standard adds a number of topics to Cyber Essentials which supports GDPR compliance. These include assessing business risks, training staff, dealing with incidents and handling operational issues.


The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that all companies that accept, process, store or transmit credit card information maintain a secure environment. Trustwave helps OPSWAT to meet PCI-DSS compliant standards and protect customers.


GDPR General Data Protection Regulation is intended to protect all EU citizens from privacy and data breaches. OPSWAT is committed to GDPR and protects both EU and non-EU citizens by complying with all of the personal data rights and regulations that are mandated by GDPR.