Virtru Compliance

Enabling privacy and trust starts with going above and beyond compliance requirements.

Trust Starts with Compliance

As a data privacy company that helps thousands of organizations with compliance, we hold ourselves to a higher security standard, adhering to the most rigorous industry accreditations to demonstrate the security of our cloud infrastructure.


Virtru has a certified Authorization to Operate (ATO) at the moderate level under FedRAMP. As part of our FedRAMP compliance program, we adhere to the security controls defined in the NIST 800-53 and 800-171 publications to ensure integrity of federal information systems.

Soc 2 Type 2

Virtru is certified for Service Organization Control (SOC) Type 2 compliance, validating our ability to safeguard customer data in the cloud. Customers can request access to our SOC 2 audit reports for review against their internal security practices.

Cloud Security Alliance

Virtru is a certified vendor on the Cloud Security Alliance (CSA) Security, Trust, and Assurance Registry (STAR). Encompassing the key principles of transparency, rigorous auditing and harmonization of standards, CSA STAR consists of three levels of assurance.


In order to preserve patient data privacy and trust, we routinely enter Business Associate Agreements (BAAs) with customers who are subject to the Health Insurance Portability and Accountability Act (HIPAA). Our data protection helps thousands of customers meet requirements to keep protected health information (PHI) private.


Virtru’s is a vocal proponent of the European Union’s new General Data Protection Regulation (GDPR), aligning our security practices with GDPR’s data privacy requirements. Virtru has already helped hundreds of customers meet the new framework’s obligation to use “state of the art” security measures such as end-to-end encryption, to protect EU citizens’ private data.

Thousands of organizations rely on Virtru.

Schedule a demo with Virtru today.

Get Started