Probax is deeply committed to safeguarding the privacy and security of our partners' data, as well as that of their clients. In line with this commitment, we are now under the vigilant oversight of Drata, the world's foremost advanced platform for security and compliance automation.
Drata continuously monitors and collects evidence of Probax's security controls, while streamlining compliance workflows end-to-end to ensure audit readiness.
General Data Protection Regulation (GDPR) Compliance
The General Data Protection Regulation (GDPR) is a data privacy and security regulation passed by the European Union (EU) in May 2018. The GDPR intends to strengthen and unify data protection for all individuals within the EU and address the export of personal data outside of the EU and United Kingdom (UK).
Probax uses Drata’s automation platform to continuously monitor internal security controls across the organization against the GDPR regulatory requirements.
HIPAA Compliance
HIPAA is a federal law that requires the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge.
SOC 2 Compliance
SOC 2 is a voluntary compliance standard for service organizations, developed by the American Institute of CPAs (AICPA), which specifies how organizations should manage customer data. The standard is based on the following Trust Services Criteria: security, availability, processing integrity, confidentiality, privacy.
Probax uses Drata’s automation platform to continuously monitor 100+ internal security controls across the organization against the highest possible standards. Automated alerts and evidence collection allows Probax to confidently prove its security and compliance posture any day of the year, while fostering a security-first mindset and culture of compliance across the organization.
PCI DSS Compliance
The Payment Card Industry Data Security Standard (PCI DSS) refers to payment security standards that ensure all sellers safely and securely accept, store, process, and transmit cardholder data (also known as your customers’ credit card information) during a credit card transaction.
Any merchant with a merchant ID that accepts payment cards must follow these PCI-compliance regulations to protect against data breaches. The requirements range from establishing data security policies for your business and employees to removing card data from your processing system and payment terminals.
