Compliance Reports

The Compliance Reports section allows authorized individuals to download company watermarked vXchnge compliance and security reports. These reports demonstrate vXchnge’s commitment to providing unparalleled physical and information security. All 14 vXchnge data centers are covered under the following industry standards:


ISO-27001-Certified-LogoISO 27001

The ISO/IEC 27001:2013 certification is the most widely-accepted certification for information security controls. Through a continuously improved risk management framework, ISO/IEC 27001:2013 ensures that the appropriate people, processes, policies, and technologies are in place to detect and defend against potential data system vulnerabilities.




SOC 1 Type II (SSAE 18)

The SOC 1 standard governs internal controls over financial reporting. The Type II report includes the design and testing of controls to report on the operational effectiveness of these controls over a period of time.




SOC 2 Type II

The SOC 2 standard governs internal controls over operational controls such as physical and environmental security. It reports vXchnge’s controls relevant to security, availability, processing integrity, confidentiality, or privacy. A Type II report includes detail on vXchnge’s controls as well as the third-party auditor’s detailed test procedures and results.






The Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act set national standards for the privacy and security of electronically protected healthcare information. These standards insure that vXchnge implements and adheres to all physical, network, and process security measures related to protected healthcare information.





The Payment Card Industry Data Security Standard (PCI DSS) is a worldwide security standard assembled by the Payment Card Industry Security Standards Council. The standard was created to help payment card industry organizations that process credit card payments and prevent credit card fraud by creating controls around data and its exposure to risk.


Compliance Bridge Letter

In addition to the reports mentioned above, a compliance bridge letter can be downloaded, which certifies controls that were tested and documented in the compliance reports listed above are still in place and working properly.