Compliance

Our Compliance Program ensures that you and your customers can trust Optimizely and have third-party assurance that effective and robust controls protect your data.

Optimizely Digital Experience Platform, Experimentation and Optimizely Campaign are ISO 27001 certified

To protect the information assets at Optimizely took the necessary steps to achieve ISO 27001:2013 standard certification. This process included internal auditing, critical testing, inspections, assessments and reviews of Optimizely’s information security management system. Independent third-party certification means you can trust that Optimizely has robusteffective security and privacy controls to protect your data. 

CCPA compliance

The California Consumer Privacy act (CCPA) represents a vital step toward ensuring individual privacy rights in California and helping drive more secure and protected online engagements throughout the US. We fully support CCPA in our internal processes and Optimizely can help customers leverage our products to achieve CCPA compliance. 

Learn more

PCI Compliance

Optimizely provides components that you can feel comfortable using around sensitive cardholder data. We provide externally audited PCI DSS or self-attested PCI attestations of compliance for relevant products. 

GDPR compliance

At Optimizely, data protection and GDPR compliance is a core pillar of our software and service development by design. This enables you to efficiently achieve and maintain compliance without compromising the functionalities that make you a digital leader. We have enhanced our data protection controls to be compliant with Shrems-II. We fully support data access and data deletion requests personal staff and customer information. 

Learn more

Infrastructure Compliance

After platforms undergo rigorous third-party confirmation of process and technical controls, we inherit their controls and implement our own compliance framework on top of their tools. 

 

Episerver's plans, processes and policies as a response to the COVID-19 outbreak

Because of our cloud-first initiatives and robust plans, processes, and policies, Episerver does not foresee any impact of the COVID-19 (Coronavirus) outbreak in our ability to continue to serve and support customers, partners, and organizations. Still, we are planning for the unexpected.

Learn more

 

Privacy

We are proud to be trusted with our worldwide customers’ data. Data privacy is important to all our customers, and especially to those operating in industries like banking and financial services, healthcare, pharmaceuticals, and the public sector.

Privacy