Compliance & Certifications

1. SOC 2 Type II Certification

Pena Click Intelligence Ltd. is SOC 2 Type II certified, demonstrating our commitment to security, availability, processing integrity, confidentiality, and privacy. Our SOC 2 audit covers:

• •Security: Protection against unauthorized access and data breaches
• •Availability: System uptime and service reliability guarantees
• •Processing Integrity: Accurate and timely processing of data
• •Confidentiality: Safeguarding of sensitive legal information
• •Privacy: Compliance with data protection regulations

Our SOC 2 Type II report is available to prospective customers and partners under NDA. Please contact legal@pena.click for access.

2. GDPR Compliance

pena.click complies with the General Data Protection Regulation (GDPR) and respects the privacy rights of individuals in the European Union and globally. Our compliance measures include:

• •Data Processing Agreements (DPAs) with customers and processors
• •Legitimate basis documentation for all data processing activities
• •Privacy by Design principles embedded in all systems
• •Data Subject Rights fulfillment (access, rectification, erasure, portability)
• •Data Protection Impact Assessments (DPIAs) for high-risk processing

3. ISO 27001 Information Security Management

pena.click maintains ISO 27001 certification, establishing a comprehensive Information Security Management System (ISMS) that covers:

• •Access control and authentication mechanisms
• •Encryption of data in transit and at rest
• •Incident response and breach notification procedures
• •Business continuity and disaster recovery planning
• •Regular security audits and penetration testing

4. Data Residency and Regional Compliance

We support data residency requirements across multiple jurisdictions:

• •EU data residency (GDPR compliance)
• •Brazil data residency (LGPD compliance)
• •US data residency (CCPA/CPRA compliance)
• •UK data residency (UK GDPR compliance)

Customers can specify data residency preferences in their account settings, and data processing occurs exclusively within the selected region.

5. Regulatory and Industry Compliance

pena.click adheres to compliance standards across multiple jurisdictions and industries:

• •CCPA/CPRA: California Consumer Privacy Act compliance
• •LGPD: Brazilian Lei Geral de Proteção de Dados
• •HIPAA: Healthcare Information Portability and Accountability Act (where applicable)
• •PCI-DSS: Payment Card Industry Data Security Standard
• •NIST Cybersecurity Framework: Security controls and practices

6. Incident Response and Breach Notification

In the event of a security incident or data breach, pena.click maintains robust incident response procedures:

• •24/7 Security Operations Center (SOC) monitoring
• •Immediate containment and investigation procedures
• •Notification to affected parties within legally required timeframes
• •Forensic analysis and root cause determination
• •Post-incident remediation and preventative measures

7. Regular Audits and Assessments

pena.click undergoes regular third-party security assessments and audits:

• •Annual SOC 2 Type II audits by independent auditors
• •Quarterly penetration testing and vulnerability assessments
• •Annual ISO 27001 recertification audits
• •Continuous vulnerability scanning and remediation

8. Compliance Questions and Certification Access

For questions regarding compliance, certifications, audit reports, or security assessments, please contact: