Information Security Compliance

Hi Make,
Do you currently hold SOC2 and ISO27001 certifications?

If you do, how do I get copies of the reports?

My company looking to use you products and services and we need to complete due diligence before signing up!

Thanks,
Shane

@Michaela can answer better on this,

However, you can some reference at the Make’s security page.

https://www.make.com/en/security

1 Like

Hello there @shanemoore welcome to the community :wave:

And thanks a lot for the tag here @ManishMandot :pray:

:arrow_down: Let me to provide an overview of Make’s security compliance for the benefit of other users as well.


From a contractual perspective, with the launch of Make (www.make.com), the service is provided by Celonis, Inc. that also wholly owned Integromat since its acquisition in 2020.

Make has ISO 27001 certificate (you can find it here). At this time the team is concentrating on other certificates (such as SOC 2) and evaluating the customer’s demand for other certificates (including HIPAA).

Make also provides the Data is confidential option that, when selected, ensures that none of the data processed by a scenario is stored on our servers, and therefore cannot be displayed after the scenario executes.

The service is being provided based on the terms available on our new website:

Here you can generate your own DPA:

Some important notes in this regard, adding to the terms you can find on the website:

  • We have made an effort to make our terms a lot cleaner and more understandable.
  • Furthermore, we have updated our Data Processing Agreement (DPA) to make sure all GDPR requirements are accurately reflected.
  • For maximum transparency, a list of sub-processors and technical & organizational measures have been published under the provided links.

Make’s first priority is protecting your data.

The Make platform:

  • Uses encryption at all times.
  • Offers you certified secure (SOC 2 certification) hosting on AWS in the location of your choice (US/North Virginia or EU/Dublin).
  • Backs up data regularly.
  • Ensures maximum application and infrastructure security by regular third party security assessments.
  • Scans for production infrastructure vulnerability.
  • Features Static Application Security Testing (SAST).
  • Introduces a bug bounty program.
  • Provides differentiated levels of security features that will ensure your security requirements are met. For example: our highest plan, Enterprise plan, provides even the largest of companies with everything required to meet any internal or external regulatory security requirements. Learn more about Security in the Enterprise plan.

For further information, please contact our customer support team and select ‘Data Privacy/Security’ in the contact form.

1 Like