Compliance

Your Security and Data Protection are our Priority

We value the trust you place in Everbridge. We are committed to providing our customers and partners with a secure environment utilizing state-of-the-art technologies to safeguard your information. The Everbridge Privacy and Website Cookie Policies are designed to assist you in understanding how we collect, use and safeguard the information you provide to us.

Everbridge’s security framework is based on the comprehensive set of security requirements and controls within US National Institute of Standards and Technology (NIST) Special Publication 800-53 – Security and Privacy Controls for Information Systems and Organizations. Annually, Everbridge achieves certification and accreditation from an independent third-party assessment organization (3PAO) approved under the Federal Risk and Authorization Management Program (FedRAMP). The 3PAO security assessors verify Everbridge’s compliance in over 150 security and data protection areas within 17 different security categories, including access control, incident response, security training, system integrity, identification and authentication, and contingency planning, via various assessment techniques, including vulnerability analysis and penetration testing. Everbridge selected the NIST 800-53 security requirement standard because it provides a complete and holistic approach to information security and has direct mappings to the global information security standards ISO 27001: Information technology – Security techniques – Information security management systems and ISO 15408: Information technology – Security techniques – Evaluation criteria for IT security.

Globally Applicable Certifications

SSAE-18 SOC 3

Everbridge publishes a Service Organization Controls 3 (SOC 3) report. The SOC 3 report is a publicly available summary of the Everbridge SOC 2 Type II report. The SOC 3 report includes the auditor’s statement on Everbridge’s achievement on all trust services criteria (based on the AICPA’s Trust Services Principles assessed in the SOC 2 report), the assertion from Everbridge management regarding the effectiveness of these internal controls, and an overview of the Everbridge Suite platform. The SOC 3 report provides assurance that Everbridge’s internal controls have been verified to achieve the AICPA’s Trust Services Principles for data security, availability, and confidentiality.

US Government Certifications

SAFETY Act

The United States Department of Homeland Security (DHS) has designated and certified Everbridge under the SAFETY Act (Support Anti-terrorism by Fostering Effective Technology). Pursuant to the SAFETY Act, the designation provides legal liability protections to both Everbridge and our customers in the event of technology failures during a DHS-declared terrorist attack. Applications on the Everbridge critical communications platform are now on the DHS SAFETY Act’s “Approved Technologies List.”

FedRAMP

Everbridge Suite has achieved the prestigious and rigorous Federal Risk and Authorization Management Program, or FedRAMP, compliance and authorization. FedRAMP is a United States government-wide program that provides a standardized approach (based on NIST SP 800-53 revision 4) to security assessment, authorization, and continuous monitoring for cloud products and services.

EU Privacy Compliance

General Data Protection Regulation (GDPR)

On May 25, 2018, a new European privacy regulation called the General Data Protection Regulation (“GDPR”) went into effect. As a company, Everbridge is GDPR ready, having reviewed our business processes and forms to confirm our compliance with the new requirements, including an individual’s right to access their personal data, their right to be forgotten, their right to data portability, and their right to be notified of a breach. Everbridge complies with current EU legislation, including the Data Protection Directive 95/46/EC, the UK Data Protection Act, and the German Federal Data Protection Act (Bundesdatenschutzgesetz). The company is also certified under the EU-US Privacy Shield (see below).

Privacy Shield

Everbridge participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework. Everbridge is committed to subjecting all personal data received from European Union (EU) member countries, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield website at https://www.privacyshield.gov/welcome.

UK Government Listings

G-Cloud

The Everbridge Critical Event Management platform is a listed vendor within the G-Cloud framework. G-Cloud is the UK government’s latest framework that is designed to simplify and accelerate adoption of cloud-based services within the public sector. The Everbridge platform, and suite of enterprise applications, are entirely SaaS-based, and designed to automate and accelerate an organization’s operational response to critical events in order to keep people safe and businesses running.

UK ICO

Everbridge is registered with the Information Commissioner’s Office. This UK-based governmental office upholds information rights in the public interest, promoting openness by public bodies and data privacy. The registration confirms Everbridge’s commitment to safeguarding user information and adhering to security and privacy protection standards.