PortlandLabs has third party validation for hundreds of global compliance requirements that we continually monitor to help you meet the security and compliance standards you need to maintain your own compliance and/or peace of mind.
PortlandLabs is the founders and maintainers of Concrete CMS (concrete5). For security information for that open source project please visit https://www.concretecms.org/security.
For information on PortlandLabs Concrete CMS Hosting Security please visit Concrete CMS Hosting Security
ISO 27001 Certified
This certification proves that Portlandlabs has a robust security and risk management program! Ask us for our ISO 27001 Certificate.
SOC 2 Type 2 Compliant
Ask for PortlandLabs latest SOC 2 Type 2 report for Concrete CMS Hosting. Included in scope is the development of the open source Concrete CMS as well.
We regularly review the SOC 2 reports of the organizations in PortlandLabs Web Hosting supply chain. Think of SOC 2 like Russian nesting dolls with PortlandLabs SOC 2 compliance building upon the SOC 2 compliance of our cloud service providers.
Carve Outs include AWS, Atlassian (Jira, Confluence, Bitbucket), Google Cloud, New Relic.
FedRAMP is a US Government certification with extremely rigorous requirements.
PortlandLabs meets all the controls required to be FedRAMP Moderate certified to the DoD Impact Level 2 (IL2 level). We perform all the necessary Continuous Monitoring.
Interested in having your sites be hosted in our FedRAMP specific environment? Need more information? Let’s talk about how we meet the FedRAMP controls. We are happy to provide a customer responsibility matrix of what your Agency responsibilities would be. Ask below!
Do you need a US Government PIV authentication and authorization capability for your website administration and editing? We license versions of the Employee portal used by the U.S. Army!
HIPAA/HITECH or PCI
Our external audits also provide independent proof that PortlandLabs hosting meet HIPAA and HITECH controls. Hosting your website with PortlandLabs will keep you in compliance with PCI.
Interested in more details?
Just ask below:
Open source, but fully supported.
Concrete CMS is free and open source under the MIT license, and is fully ISO:27001 compliant out of the box. If your organization's IT and compliance groups want to manage the platform yourself, you're welcome to!
If your team would rather focus on content, the team behind Concrete can host your website for you and help you maintain a safe, secure and compliant web presence. We have a detailed understanding of compliance requirements and security is baked into our processes from the ground up. You'll be able to sleep soundly knowing our people are watching out for your public presence on the web.
Support contracts are here to provide value & safety when you need it, but are never a requirement. You'll never get roped into some license fee you don't understand and can't control. You'll always own your content and your copy of the CMS, we're just eager to help if we can provide value.