Authentication - Auth0 - Compliances

stack8s uses Auth0, which is part of Okta. Auth0 maintains a robust set of security and compliance certifications to meet various regulatory and industry standards. Here's an overview of the key compliance frameworks and certifications Auth0 adheres to:

✅ Core Compliance Certifications

  • SOC 2 Type 2: Auth0 undergoes an annual SOC 2 Type 2 audit covering all five Trust Services Criteria: Security, Availability, Processing Integrity, Confidentiality, and Privacy. This certification demonstrates Auth0's commitment to maintaining high standards in data protection and operational controls.
  • ISO/IEC 27001 and ISO/IEC 27018: Auth0 is certified under ISO 27001 for its Information Security Management System (ISMS) and under ISO 27018 for the protection of personally identifiable information (PII) in cloud environments. These certifications are audited annually by independent third parties.
  • HIPAA and HITECH: Auth0 qualifies as a Business Associate under the U.S. HIPAA and HITECH regulations. For customers who are Covered Entities and handle electronic Protected Health Information (ePHI), Auth0 can provide a Business Associate Agreement (BAA) upon request.
  • GDPR: Auth0 is GDPR-ready and provides tools and documentation to help customers comply with the General Data Protection Regulation, including features for data access, correction, deletion, and portability.
  • CSA STAR Certification: Auth0 holds the Cloud Security Alliance (CSA) STAR certification, demonstrating adherence to cloud security best practices and controls.
  • PCI DSS: Auth0 offers PCI DSS-compliant deployment models. The Attestation of Compliance (AOC) and Self-Assessment Questionnaire (SAQ-D) are available upon request through the Auth0 Support Center.
  • FAPI (Financial-grade API): Auth0 is a certified OpenID Provider for the FAPI 1 Advanced profiles, supporting enhanced security standards for financial and other sensitive data transactions.

🏥 Healthcare and Financial Compliance

  • HIPAA Compliance: Auth0 supports HIPAA compliance for healthcare applications, providing the necessary safeguards and agreements for handling ePHI.
  • PSD2 and Strong Customer Authentication (SCA): Auth0 provides capabilities to support compliance with the EU's Payment Services Directive 2 (PSD2), including features for Strong Customer Authentication and dynamic linking.

🌍 Regional and Industry-Specific Compliance

  • Data Residency Options: Auth0 offers data storage options in various regions, including AWS facilities in Frankfurt, to help customers meet regional data residency requirements.
  • Additional Certifications: Auth0 also complies with other standards such as ISO 27017, NIST 800-53 Rev. 5, and FIPS 140-2, among others.

For detailed documentation, or to request specific compliance reports (e.g., SOC 2, ISO certificates, PCI DSS AOC), you can access the Auth0 Support Center or contact their compliance team directly.

If you need further assistance, please contact support@stack8s.org