Security Trust Center

Your security is our mission. Semper Sec maintains industry-leading certifications and rigorous security practices so you can confidently trust us with your compliance journey.

Independently Verified

Our Certifications

Semper Sec is independently audited by Armanino LLP to confirm our information security and privacy management systems meet international standards.

Information Security

ISO/IEC 27001:2022

The global gold standard for information security management systems (ISMS), demonstrating our systematic approach to managing sensitive information.

  • Risk-based security controls tailored to our operations
  • Formal incident management and business continuity plans
  • Annual surveillance audits by Armanino LLP
  • Covers all client-facing services and internal infrastructure

Privacy Management

ISO/IEC 27701:2019

An extension to ISO 27001 specifically addressing privacy information management, ensuring we meet global data protection requirements.

  • Privacy controls aligned with GDPR, CCPA, and other regulations
  • Formal data processing and retention policies
  • Designated privacy roles and accountability structure
  • Regular privacy impact assessments and reviews
Our Commitment

How We Protect Your Data

Our security program is built on four pillars that work together to safeguard your information at every level.

Information Security

Enterprise-grade encryption, network segmentation, and continuous vulnerability management protect data at rest and in transit.

Privacy Management

Formal data processing agreements, purpose limitation, and privacy-by-design principles govern every engagement.

AI Management

Structured AI risk management and ethical use policies ensure responsible adoption of artificial intelligence across our operations and client engagements.

Continuous Improvement

Regular internal audits, management reviews, and corrective actions drive ongoing improvement of our security posture.

Last External Audit: March 2026 by Armanino LLP  |  Next Scheduled: March 2027
Continuous Monitoring
Common Questions

Frequently Asked Questions

What does ISO 27001 certification mean for your clients?
ISO 27001 certification means Semper Sec has implemented a comprehensive information security management system (ISMS) that has been independently verified by Armanino LLP. For our clients, this provides assurance that we follow internationally recognized best practices for protecting sensitive data — including systematic risk management, formal security policies, and continuous improvement processes.
How does ISO 27701 enhance your privacy protections?
ISO 27701 extends our ISO 27001 certification with a privacy information management system (PIMS). This adds specific controls for personally identifiable information (PII), aligning our practices with regulations like GDPR and CCPA. It ensures we have documented procedures for data collection, processing, retention, and deletion — giving our clients confidence their privacy requirements are met.
Who conducts your certification audits?
Our ISO 27001 and ISO 27701 certifications are audited by Armanino LLP, one of the largest independent accounting and business consulting firms in the United States. Their audit team has deep expertise in information security and privacy management system assessments, providing our clients with confidence in the rigor and independence of our certifications.
Can I request a copy of your certifications or security documentation?
Yes. We provide our certification documentation, SOC 2 reports, penetration test summaries, and other security materials to clients and qualified prospective partners. Please schedule a meeting or email info@sempersec.com to request access.
How often is your security posture reviewed?
Our security posture is reviewed on a continuous basis. We conduct internal audits quarterly, management reviews at least annually, and external certification audits on an annual cycle. Between audits, we perform ongoing risk assessments, vulnerability scans, and policy reviews to ensure our controls remain effective against evolving threats.
How do you handle security incidents?
Semper Sec maintains a formal incident response plan that includes identification, containment, eradication, recovery, and post-incident review. Affected clients are notified in accordance with our contractual obligations and applicable regulations. Our incident response procedures are tested regularly through tabletop exercises and are reviewed as part of our ISO 27001 audit cycle.

Responsible Disclosure

Semper Sec takes vulnerability reports seriously. If you believe you have discovered a security vulnerability in any of our systems, we encourage you to report it responsibly.

Please email security@sempersec.com with details of the finding. We investigate all credible reports and respond within 48 hours.
