Leading the Way
in Security & Compliance

Commence’s infrastructure is hosted within the highly secure Amazon Web Services (AWS) cloud environment. AWS provides enterprise-grade physical and network security controls that support the protection, availability, and resilience of customer data.

Commence supports compliance with the California Consumer Privacy Act (CCPA) and acts as a processor of customer data. Our systems and practices help organizations meet CCPA requirements for protecting consumer privacy and managing personal data responsibly.

Commence infrastructure aligns with the Department of Defense (DoD) Cloud Computing Security Requirements Guide (SRG) at Levels 2 and 4. This alignment supports secure cloud environments for government workloads and enables service to DoD customers.

Commence supports compliance with the Federal Information Security Management Act (FISMA), which requires federal information systems to implement comprehensive security programs. These controls help protect government data and maintain secure system operations.

Commence supports organizations in meeting the requirements of the General Data Protection Regulation (GDPR). GDPR establishes strict standards for protecting personal data and gives individuals greater control over how their information is used.

Compliant with GLBA standards for protecting the privacy of customer financial information through encryption before transmission, during transmission, and while at rest. These safeguards help protect data from physical threats and unauthorized access while supporting secure financial information management.

Commence supports compliance with the Health Insurance Portability and Accountability Act (HIPAA), which establishes national standards for protecting sensitive patient health information. Our systems and processes are designed to safeguard protected health information and support secure healthcare operations.

The platform supporting Commence’s healthcare data solutions has earned HITRUST r2 Certification, demonstrating that it meets rigorous standards for cybersecurity and information protection. This certification helps ensure sensitive healthcare data is protected while supporting trusted, secure operations across complex health programs.

Commence is certified to ISO/IEC 27001 for Information Security Management and ISO/IEC 27017 for Cloud Security. These internationally recognized standards validate structured security controls designed to protect sensitive information in cloud environments.

Commence is certified to ISO 9001 for quality management systems. This certification reflects our commitment to consistent processes, operational excellence, and continuous improvement across our services and solutions.

Commence supports compliance with the Payment Card Industry Data Security Standard (PCI DSS Level 1). These controls help ensure credit card information is processed, stored, and transmitted securely.

Commence maintains SOC 2 compliance, demonstrating adherence to rigorous standards for security, availability, processing integrity, confidentiality, and privacy. This certification validates our commitment to protecting customer data through independently assessed controls.

Commence holds URAC accreditation for Health Utilization Management, reflecting a commitment to healthcare quality, patient safety, and accountable clinical review processes.

Commence is certified through the Virginia Values Veterans (V3) Program. This certification recognizes organizations that demonstrate a commitment to recruiting, hiring, and supporting veterans in the workforce.