Phenicie Business Management

Compliance & Certifications

Enterprise-grade security and compliance for dark web monitoring

Quick Compliance Map
At-a-glance overview of our compliance frameworks and certifications

GDPR

Treat personal data lawfully, document processing, support data-subject rights, implement technical & organizational controls, keep records.

Learn more at GDPR.eu →

SOC 2

Build and operate controls mapped to the Trust Services Criteria (Security mandatory; Confidentiality/Privacy/Availability as needed), and collect evidence for an auditor.

Learn more at Secureframe →

Zero-PHI

Don't collect or store Protected Health Information; if you ever process PHI you need HIPAA safeguards and a BAA — otherwise explicitly exclude PHI and apply de-identification.

Learn more at HHS.gov →

MSP Verify

Third-party MSP assurance program (MSPAlliance/MSP Verify) — follow their control framework and documentation. Good to pursue after SOC-level controls are implemented.

Learn more at MSP Alliance →

GDPR Compliance
General Data Protection Regulation (EU) compliance measures

1. Governance & Legal Requirements

Data Protection Officer (DPO): Designated contact for GDPR compliance and data subject access requests (DSARs)
Data Processing Agreement (DPA): Published DPA meeting Art. 28 requirements for EU personal data processing. View our DPA →
Privacy Notice & Cookie Banner: Clear disclosures on purposes, legal basis, retention, transfers, and DSAR instructions. View Privacy Notice →
Retention Policy & RoPA: Documented record of processing activities with lawful basis and retention schedules. View Retention Policy →

2. Data Flow & Minimization

Data Mapping: Comprehensive mapping of every data element from source to storage, display, backups, and third-party processors
Minimize at Ingest: Drop unnecessary identifiers at collection time; strip sensitive data and use classification labels
Pseudonymization: HMAC with per-customer keys for correlation without reversibility
DPIA: Data Protection Impact Assessment completed for dark-web scanning with documented mitigations
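
The sketch below shows how minimization at ingest and HMAC pseudonymization with per-customer keys can fit together. It is an added example, not code from this provider. The key-derivation scheme, the field allow-list, the function names and the sample record are all assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed demo secret; in practice this would come from a KMS or secret store.
MASTER_SECRET = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)

# Hypothetical allow-list: fields kept at ingest; everything else is dropped.
KEEP_FIELDS = {"source", "first_seen", "breach_name"}


def customer_key(customer_id: str) -> bytes:
    """Derive a per-customer key (assumed scheme: HMAC-SHA256 over the customer id)."""
    label = b"pseudonym-key:" + customer_id.encode()
    return hmac.new(MASTER_SECRET, label, hashlib.sha256).digest()


def pseudonymize(customer_id: str, identifier: str) -> str:
    """Keyed, deterministic token: equal inputs correlate within one customer only."""
    normalized = identifier.strip().lower().encode()
    return hmac.new(customer_key(customer_id), normalized, hashlib.sha256).hexdigest()


def minimize_record(customer_id: str, raw: dict) -> dict:
    """Drop fields outside the allow-list and replace the email with its token."""
    out = {k: v for k, v in raw.items() if k in KEEP_FIELDS}
    out["subject_token"] = pseudonymize(customer_id, raw["email"])
    out["classification"] = "pseudonymized"
    return out


# Constructed sample finding, not real data.
SAMPLE = {
    "email": " Alice@Example.com ",
    "password": "hunter2",
    "ip": "203.0.113.7",
    "source": "paste-site",
    "first_seen": "2024-01-15",
    "breach_name": "constructed-dump",
}

if __name__ == "__main__":
    print(minimize_record("customer-a", SAMPLE))
```

The tokens are irreversible only to parties without the key: anyone holding a customer's key can confirm a guessed identifier by recomputing the HMAC, so the key needs the same protection as the raw data.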

3. Data Subject Rights

Legal Basis Documentation: Contract or legitimate interest for dark-web scanning with documented balancing test
DSAR Handlers: Implemented processes and SLAs for access, erasure, and portability requests
Data Transfers: Standard Contractual Clauses (SCCs) for US storage/processing with risk mitigation
Breach Notification: 72-hour notification process to supervisory authority and affected data controllers

MSP Verify Certification
Industry-recognized MSP operational maturity and controls certification

MSP Verify is a third-party assurance program focused on MSP operational maturity, business practices, and security controls. Our certification demonstrates commitment to:

Documented business processes
Service level agreements (SLAs)
Financial stability and transparency
Technical competency verification
Customer satisfaction metrics
Ongoing compliance monitoring

Need Compliance Documentation?

Request our full compliance package including SOC 2 reports, DPA templates, control matrices, and audit artifacts