What security certifications does Comply have?

Cloud services from AWS

We use a world-leading cloud that follows global security policies.

Our security is underpinned by AWS (Amazon web Service)

User security on Comply’s platform is guaranteed by:

  • Secure transmission channels (HTTPS)
  • Encryption of data sent by the user to Comply
  • Two-factor authentication, which requires users to confirm their identity in two separate and distinct forms

Peppol access point

Comply is an accredited Peppol Service Provider for document exchange, guaranteeing its security for this type of document exchange.

The aim of the Peppol framework is to bring public administrations and enterprises closer together, digitalizing the procedures for preparing and awarding tenders in the pre-award phase, as well as the execution and fulfillment of the tender contract (post-award phase).

By leveraging Comply, you can achieve end-to-end integration berween your corporate information system and the OpenPeppol network, for all post-award tender processes.


OFTP2 (Odette File Transfer Protocol) is the communication protocol created for EDI (Electronic Data Interchange) applications within complex systems and organizations, where security and traceability are essential.

Compared to other protocols, it is characterized by:

  • its transmission speed
  • native handling of return receipts
  • two-tier message routing


The AS2 protocol is widely used around the world in healthcare, retail and e-commerce.

This standard governs the signing and encryption of messages exchanged over an HTTPS (hypertext transfer protocol secure) connection, and handles signed return receipts.

Comply uses software components certified by the AS2 Drummond Group, the global leader in AS2 software Interoperability Testing.

ISO Certifications

Comply exclusively uses certified data centers to manage the services of:

  • Cloud Computing and Cloud Storage
  • High Availability and Disaster Recovery
  • e-mail
  • domains and Internet sites
  • IT security

Specifically, the certifications involved are:

  • ISO 9001, which validates quality management systems, i.e. the ability to consistently provide products and services corresponding to specific quality requirements
  • ISO 14001 that governs the design and implementation of efficient environmental management systems to help companies reduce their environmental footprint
  • ISO 27000 which stipulates the requirements for an effective information security management system to limit information risks also including privacy, confidentiality and cybersecurity.