Compliance Certifications & Standards

FacilityFlow meets the highest standards for security, privacy, and operational excellence. Our certifications are independently verified by accredited auditors and renewed annually.

Our Active Certifications

[Image: compliance badges banner]

Industry-Specific Compliance

FacilityFlow supports compliance requirements across regulated industries.

Healthcare

While FacilityFlow is not a covered entity, we provide Business Associate Agreements (BAAs) and HIPAA-compliant configurations for healthcare facility management.

Features: BAA available, audit logging, access controls, encryption.

Manufacturing

Standards: ISO 55001, ISO 41001

Description: Support for asset management (ISO 55001) and facility management (ISO 41001) standards through built-in workflows and documentation.

Features: Asset lifecycle tracking, PM compliance, calibration management

Financial Services

Financial services compliance support through robust audit trails, access controls, and change management documentation.

Features: Audit trails, segregation of duties, change logs

Government

We currently serve state and local government clients. FedRAMP certification is on our product roadmap for 2026.

Features: Data residency, access controls, reporting.

Energy & Utilities

Energy management module supports ISO 50001 compliance. Security controls align with NERC CIP requirements for critical infrastructure.

Features: Energy tracking, sustainability reporting, security controls.

Compliance Documentation Library

Access our compliance documentation to accelerate your vendor security review.

📄 SOC 2 Type II Report [NDA Required]

Complete SOC 2 Type II audit report covering security, availability, and confidentiality.

📄 ISO 27001 Certificate [Public]

Official ISO 27001:2022 certification document.

📄 Data Processing Agreement (DPA) [Customers Only]

Pre-signed DPA for GDPR compliance, including Standard Contractual Clauses.

📄 Security Questionnaire (SIG Lite) [Prospective Customers]

Pre-completed SIG Lite security questionnaire for vendor assessments.

📄 Penetration Test Summary [NDA Required]

Executive summary of our latest third-party penetration test.

📄 Business Continuity Plan Summary

Overview of disaster recovery and business continuity procedures.

Streamlined Vendor Security Reviews

We make it easy for your security team to evaluate FacilityFlow.

Pre-Completed Questionnaires

We maintain current responses for common security questionnaires including SIG, CAIQ, VSA, and custom formats.

Supported Formats: SIG Lite & SIG Core, CAIQ v4, Vendor Security Alliance (VSA), HECVAT (Higher Education), Custom questionnaires.

Turnaround: 2-3 business days for custom requests

Security Team Access

Our security team is available to answer questions, provide documentation, and participate in vendor review calls.

Contact Options: Email, Security review calls (scheduled), Architecture review sessions.

Response SLA: 24-48 hours for security inquiries.

Customer Audit Rights

Enterprise customers have contractual audit rights. We welcome on-site or remote security assessments.

Audit Support: Evidence request fulfillment, Interview coordination, Documentation access, Audit room facilities (on-site).

Scheduling: 30-day advance notice required.

Need Compliance Documentation?

Our compliance team responds within 24 hours to documentation requests.