Compliance Overview

Trusted Compliance for Healthcare Organizations

When you choose EnGuard, you are not just choosing an email provider. You are choosing infrastructure that has been independently audited and certified to meet some of the most rigorous security and compliance standards in the world. Our datacenter undergoes continuous third-party assessments to ensure the highest standards of physical security, environmental controls, operational reliability, and data protection.

For a healthcare organization, this matters more than most people realize. The security of your email is only as strong as the infrastructure it runs on. EnGuard operates on enterprise-grade, certified infrastructure that gives you and your patients genuine confidence that their information is protected at every level.

Current Compliance Certifications

What We Are Certified For Today

These are the active compliance certifications maintained by our infrastructure. Each one represents an independent third-party validation that our systems meet strict standards for security, reliability, and data protection.

AICPA SOC 1 and SOC 2 Compliant
SOC 1 and SOC 2 are auditing standards developed by the American Institute of Certified Public Accountants. SOC 2 compliance specifically evaluates how a service organization handles security, availability, processing integrity, confidentiality, and privacy. For healthcare organizations, SOC 2 compliance is one of the strongest independent validations that a vendor takes data security seriously. Our infrastructure meets both SOC 1 and SOC 2 standards.

ISO 27001 Certified by Schellman
ISO 27001 is the internationally recognized standard for information security management systems. Certification requires a rigorous independent audit by an accredited body. Our ISO 27001 certification was conducted by Schellman, one of the most respected IT audit and compliance firms in the country. This certification confirms that our information security practices meet the highest global standards.

NIST 800-53 PE Compliant
NIST Special Publication 800-53 is a comprehensive framework of security and privacy controls developed by the National Institute of Standards and Technology. Physical and Environmental (PE) compliance specifically addresses the physical security of our datacenter, including access controls, monitoring, environmental hazards, and equipment protection. This is the same framework used by US federal agencies to secure their own systems.

PCI Security Standards Council
PCI DSS compliance means our infrastructure meets the Payment Card Industry Data Security Standards for protecting cardholder data. While this standard originates in the financial industry, PCI compliance is a widely recognized indicator of a mature, well-controlled security environment that applies broadly to any sensitive data handling.

HIPAA Compliant
EnGuard operates on infrastructure that is fully HIPAA compliant, meeting the technical, physical, and administrative safeguard requirements of the Health Insurance Portability and Accountability Act. Every account includes a signed Business Associate Agreement, and our team is trained in HIPAA Privacy and Security to ensure your patients’ Protected Health Information is handled correctly at every level.

ISO 14001 and ISO 45001
ISO 14001 is the international standard for environmental management systems, ensuring our datacenter operates with responsible environmental practices. ISO 45001 is the international standard for occupational health and safety management. Together these certifications reflect a commitment to responsible, sustainable, and safe operations at every level of our infrastructure.

Certification Capable

What Our Infrastructure Can Support

In addition to our active certifications, our datacenter infrastructure is capable of supporting customers who operate in highly regulated industries with additional compliance requirements. If your organization requires any of the following, our infrastructure is built to accommodate them.

FISMA — Federal Information Security Management Act
FISMA establishes a framework for protecting government information and assets. Organizations working with US federal agencies or government contractors may require FISMA compliance from their vendors.

ITAR — International Traffic in Arms Regulations
ITAR controls the export and import of defense-related materials and services. Organizations in the defense sector or working with defense contractors may require ITAR-compliant infrastructure.

CJIS — Criminal Justice Information Services
CJIS compliance is required for any organization that accesses, transmits, or stores criminal justice information. Law enforcement agencies, courts, and organizations that work with criminal justice data fall under this requirement.

HITRUST — Health Information Trust Alliance
HITRUST is a comprehensive security framework widely adopted in the healthcare industry that combines elements of HIPAA, ISO, NIST, and other standards into a single certifiable framework. Many large healthcare organizations and health insurance companies require HITRUST compliance from their vendors.

ICD 705 — Intelligence Community Directive 705
ICD 705 establishes standards for Sensitive Compartmented Information Facilities (SCIFs). This applies to organizations that handle classified national security information.

FedRAMP — Federal Risk and Authorization Management Program
FedRAMP provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services used by US federal agencies. Organizations providing services to the federal government may require FedRAMP authorization from their cloud and hosting vendors.

Why This Matters for Your Business

Most healthcare businesses choosing a HIPAA email provider never think to ask about the underlying infrastructure their data sits on. They focus on price, features, and support, which are all important. But the foundation everything runs on matters just as much.

EnGuard operates on the same certified infrastructure trusted by financial institutions, government agencies, and defense contractors. As an EnGuard customer, you get the benefit of enterprise-grade security that most organizations ten times your size cannot access on their own.

You do not need to understand every certification on this page. What you need to know is that independent experts have reviewed our infrastructure and confirmed it meets some of the highest security standards in existence. That is the foundation your patient data sits on every single day.
