Hosting Compliance

PortlandLabs has third party validation for hundreds of global compliance requirements that we continually monitor to help you meet  the security and compliance standards you need to maintain your own compliance and/or peace of mind. 

PortlandLabs is the founders and maintainers of Concrete CMS (concrete5). For security information for that open source project please visit

For information on PortlandLabs Concrete CMS Hosting Security please visit Concrete CMS Hosting Security

ISO 27001 Certified

This certification proves that Portlandlabs has a robust security and risk management program! Download our ISO 27001 Certificate here: 

SOC 2 Type 2 Compliant

Ask for PortlandLabs latest SOC 2 Type 2 report for Concrete CMS Hosting.  Included in scope is the development of the open source Concrete CMS as well.

We regularly review the SOC 2 reports of the organizations in PortlandLabs Web Hosting supply chain. Think of SOC 2 like Russian nesting dolls with PortlandLabs SOC 2 compliance building upon the SOC 2 compliance of our cloud service providers. 

Carve Outs include AWS, Atlassian (Jira, Confluence, Bitbucket), Google Cloud, New Relic. 



FedRAMP is a US Government certification with extremely rigorous requirements. 

PortlandLabs meets all the controls required to be FedRAMP Moderate certified to the DoD Impact Level 2 (IL2 level). We perform all the necessary Continuous Monitoring. 

Interested in having your sites be hosted in our FedRAMP specific environment? Need more information? Let’s talk about how we meet the FedRAMP controls. We are happy to provide a customer responsibility matrix of what your Agency responsibilities would be. Ask below!

Do you need a US Government PIV authentication and authorization capability for your website administration and editing? We license versions of the Employee portal used by the U.S. Army!



Our external audits also provide independent proof that PortlandLabs hosting meet HIPAA and HITECH controls. Hosting your website with PortlandLabs will keep you in compliance with PCI.


Interested in more details?

Just ask below: