Compliance

Aha! has invested in robust data center infrastructure to ensure strong security and protection. The following certifications mean that an auditor has verified that specific security controls are in place and operating as intended. These certifications provide customers with the proper assurance that we are committed to providing high performance and secure cloud-based services.

  • Aha! Compliance

  • ISO 27001

    Aha! is ISO 27001 certified. ISO is an information security standard published by the International Organization for Standardization, the world’s largest developer of voluntary international standards, and the International Electrotechnical Commission (IEC). This certification was issued by an independent and accredited certification body based on successful completion of a formal audit process.

  • EU-U.S. Privacy Shield Framework

    Aha! complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. Aha! has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. In cases of onward transfer to third parties of data of EU individuals received pursuant to the EU-U.S. Privacy Shield, Aha! is potentially liable. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit www.privacyshield.gov.

  • Data Center Compliance

  • The Aha! cloud infrastructure is housed in Amazon Web Services (AWS) data centers, which are considered to be the world's best by industry-leading analyst firm Forrester. AWS provides a broad set of capabilities in terms of data center security, network security, and a significant number of certifications. This level of data center and operational security allows Aha! to be compliant with many of the most stringent industry standards.

  • SOC 1

    Aha! datacenter partner AWS publishes a Service Organization Controls 1 (SOC 1), Type II report. The SOC 1 Type II report covers controls in place at a Service Organization intended to meet the needs of the user entity. The type II report additionally includes an auditor's overview of the operating effectiveness of the controls in place to achieve the control objectives.

  • SOC 2

    In addition to the SOC 1 report, AWS publishes a Service Organization Controls 2 (SOC 2), Type II report. Similar to the SOC 1 in the evaluation of controls, the SOC 2 report is an attestation report that expands the evaluation of controls to the criteria set forth by the American Institute of Certified Public Accountants (AICPA) Trust Services Principles. These principles define leading practice controls relevant to security, availability, processing integrity, confidentiality, and privacy applicable to service organizations.

  • SOC 3

    You can also review the Service Organization Controls 3 (SOC 3) report. The SOC 3 report is a public summary of Amazon's SOC 2 report.

  • ISO 9001

    ISO 9001:2008 is the international standard for Quality Management Systems (QMS), published by the International Organization for Standardization (ISO). AWS has undergone a systematic, independent examination of their quality system to determine whether the activities and activity outputs comply with ISO 9001 requirements.

  • ISO 27001

    AWS is ISO 27001 certified. ISO is an information security standard published by the International Organization for Standardization, the world’s largest developer of voluntary international standards, and the International Electrotechnical Commission (IEC). This certification was issued by an independent and accredited certification body based on successful completion of a formal audit process.

  • PCI

    All payments are processed through our third party payment processing vendor, Recurly. Recurly is PCI-DSS Level 1 compliant as a merchant service provider.

Fred-mojo-2_w440px

Roadmap software to manage your products.
Finally, connect strategy to execution.