Experience.com Trust Page
Security compliance is a cornerstone of our comprehensive security strategy at Experience.com. We know that trust is the foundation of any successful business partnership, and we are fully committed to earning and maintaining that trust. Compliance with security regulations and industry-standard frameworks is more than a formality. Experience.com has attained SOC 2 Type 2 and ISO 27001:2022 certifications and complies with HIPAA, CCPA, and GDPR standards, further reinforcing our commitment to trust. We build trust with our clients by providing clear evidence that our security practices align with industry best practices and regulatory requirements.
Compliance & Regulations
Compliance
 | ISO 27001:2022 |
 | SOC 2 Type II |
 | CCPA |
Regulations
 | GDPR |
 | HIPAA |
Standards
 | ADA/WCAG |
FrameWorks
 | NIST 800-53 R5 |
| NIST CSF 2.0 | |
 | CIS benchmarks |
 | MITRE ATT&CK |
 | CAN-SPAM |
Management-Approved Policies
Customer Support
Our customers can reach us through multiple
channels:
Security Documents
Compliance Documents
Workstation Security
| Controls | Description |
|---|---|
| Mobile Device Management | Centrally managed, CIS benchmark compliant. |
| Disk Encryption | FileVault 2 on all Mac workstations. |
| Anti-Malware Protection | Next-gen EDR/Antivirus protection. |
| Remote Access | Secure VPN with MFA. |
| 24/7 Support | Dedicated IT/Network team. |
| Security Checklist | Pre-deployment verification. |
| Asset Inventory | Dynamic, real-time updates. |
| Vulnerability Management | Weekly scans and remediation. |
Corporate Security
| Controls | Description |
|---|---|
| Network Protection | Firewall with IPS, DDoS protection, content filtering. |
| Physical Security | Biometric access controls, CCTV surveillance. |
| Audits & Scans | Monthly audits, bi-weekly vulnerability scans. |
| Security Awareness Program | Mandatory training and ongoing education for employees. |
| Employee Background Checks | Thorough screening for all employees. |
| Incident Response | NIST-aligned program with dedicated CSIRT team. |
| GRC | Committee for aligning IT with business goals and managing risk. |
| Vendor Management | Due diligence on service providers, annual re- evaluation. |
Application Security
| Controls | Description |
|---|---|
| DAST & SAST | Dynamic and static application security testing. |
| Secure Coding Practices | OWASP guidelines and regular training. |
| External VAPT | Quarterly penetration testing. |
| WAF | Web application firewall to filter malicious traffic. |
| SIEM | Cloud-native monitoring and alerting. |
| Red Team Activities | Simulated attacks to test and improve defenses. |
| Bug Bounty Program | Publicly disclosed program for responsible vulnerability reporting. |
Data Security
| Controls | Description |
|---|---|
| Access Controls | Role-based, least privilege, and separation of duties. |
| Encryption | Industry-grade encryption for data at rest and in transit. |
| Data Retention | Compliant with CCPA/CPRA, HIPAA, GDPR and SOC 2 Type II. |
| Data Availability & DR | Backups, hot DR site, and redundant AWS infrastructure for high availability. |
Requesting Our Policies and Reports
You may submit a request from any business email address. Please send requests to sales@experience.com.
Management-Approved Policies
We collaborate with third-party vendors to enhance our services:
Amazon Web Services
Infrastructure as a Service
Sendgrid
Email and SMS
Twilio
Email and SMS
Atlassian
Atlassian software suite
Salesforce
Customer service management
NewRelic
Monitoring systems
SumoLogic
Security information and event management
Deloitte
Cybersecurity assessment provider
Have a security concern?
Our dedicated (Experience.com) Security Team is here to assist you with any issues or security-related concerns. Reach out to us at security@experience.com
All rights reserved.