About PRISM

• GDPR (General Data Protection Regulation): Full compliance with EU Regulation 2016/679. We process personal data lawfully, transparently, and with explicit consent.
• Data Subject Rights: Complete support for right to access, rectification, erasure, portability, and objection as required by GDPR Article 15-22
• Data Processing Agreements (DPA): Compliant with GDPR Article 28 requirements for data processors
• Data Breach Notification: Automated notification system compliant with GDPR Article 33 (72-hour notification requirement)
• EU Data Residency: Option for EU-only data processing and storage to meet data sovereignty requirements
• AI Act Compliance: Alignment with EU AI Act requirements for high-risk AI systems and transparency obligations

• CCPA (California Consumer Privacy Act): Full compliance with California privacy regulations, including consumer rights to know, delete, and opt-out
• CPRA (California Privacy Rights Act): Enhanced privacy protections including sensitive personal information controls
• HIPAA (Health Insurance Portability and Accountability Act): HIPAA-compliant infrastructure available for healthcare applications with Business Associate Agreements (BAA)
• FERPA (Family Educational Rights and Privacy Act): Compliance for educational institutions handling student records
• SOX (Sarbanes-Oxley Act): Financial data handling compliant with SOX requirements for public companies
• State Privacy Laws: Compliance with state-specific privacy laws including Virginia VCDPA, Colorado CPA, Connecticut CTDPA, and others
• NIST Cybersecurity Framework: Alignment with NIST CSF for cybersecurity risk management

Additional Certifications & Standards

• ISO 27001: Information security management system certification (in progress)
• SOC 2 Type II: Security, availability, and confidentiality controls audit (in progress)
• PCI DSS: Payment card industry data security standards for payment processing
• FedRAMP: Federal Risk and Authorization Management Program compliance for government contracts