HARCH|CORP

BlogCompliance

Compliance

Compliance Center

Comprehensive compliance management for sovereign infrastructure with automated monitoring and reporting.

Certifications

Internationally recognized certifications validating our commitment to security, privacy, and operational excellence.

SOC 2 Type II

Soc2 Full Name

Status In Progress

SOC 2 Type II attestation demonstrating robust controls for security, availability, and confidentiality.

Scope

Soc2 Scope

Region

Global Region

Last Audit

Pending

ISO 27001

Iso27001 Full Name

Status In Progress

ISO 27001 certification for information security management systems across all operations.

Scope

Iso27001 Scope

Region

Global Region

Last Audit

Pending

ISO 22301

Iso22301 Full Name

Status In Progress

ISO 22301 certification for business continuity management systems ensuring operational resilience.

Scope

Iso22301 Scope

Region

Global Region

Last Audit

Pending

GDPR

General Data Protection Regulation

Status Achieved

Full compliance with the General Data Protection Regulation for European data protection standards.

Scope

Gdpr Scope

Region

EU Region

Last Audit

Ongoing

CCPA

California Consumer Privacy Act

Status Achieved

Full compliance with the California Consumer Privacy Act, ensuring consumer data rights and transparency.

Scope

Ccpa Scope

Region

US Region

Last Audit

Ongoing

Moroccan DPA

Moroccan Dpa Full Name

Status Achieved

Compliance with Moroccan data protection authority (CNDP) regulations for sovereign data residency.

Scope

Moroccan Dpa Scope

Region

Morocco Region

Auditor

Moroccan Dpa Auditor

Last Audit

Jun 2025

ISO 27017

Iso27017 Full Name

Status In Progress

ISO 27017 certification for cloud-specific information security controls and best practices.

Scope

Iso27017 Scope

Region

Global Region

Last Audit

Pending

ISO 27018

Iso27018 Full Name

Status In Progress

ISO 27018 certification for personally identifiable information protection in public clouds.

Scope

Iso27018 Scope

Region

Global Region

Last Audit

Pending

PCI DSS

Pci Dss Full Name

Status In Progress

PCI DSS compliance for secure payment processing across all financial infrastructure.

Scope

Pci Dss Scope

Region

Global Region

Last Audit

Pending

CSA STAR Level 2

Csa Star Full Name

Status In Progress

CSA STAR certification demonstrating our commitment to cloud security best practices.

Scope

Csa Star Scope

Region

Global Region

Last Audit

Pending

HITRUST CSF

HITRUST Common Security Framework

Status Planned

HITRUST CSF certification demonstrating healthcare data security and compliance readiness.

Scope

Hitrust Scope

Region

Global Region

Last Audit

Pending

FedRAMP

Federal Risk and Authorization Management Program

Status Planned

Federal Risk and Authorization Management Program authorization for government cloud services.

Scope

Fedramp Scope

Region

US Region

Last Audit

Pending

Regional Programs

Regional Compliance

Regional compliance frameworks ensuring data residency and regulatory adherence across all operating jurisdictions.

Morocco

Regional Programs

Compliance with Moroccan data protection law (CNDP), ANRT regulations, and sovereign data residency requirements.

Active Certifications

CNDP Registration

ANRT Telecom Compliance

Moroccan Data Residency

Sovereign Cloud Certification

European Union

Regional Programs

Full GDPR compliance with EU data protection standards, cross-border transfer safeguards, and data subject rights.

Active Certifications

GDPR Compliance

EU-US Data Privacy Framework

eIDAS Regulation

NIS2 Directive Compliance

Africa

Regional Programs

Compliance with African Union data protection frameworks and national data sovereignty regulations across operating markets.

Active Certifications

CNDP Compliance

AU Data Protection Framework

Moroccan ANRT Regulations

African Continental Free Trade Compliance

Global

Regional Programs

International compliance standards including ISO certifications, SOC 2, and industry-specific regulatory frameworks.

Active Certifications

ISO 27001 Certification

SOC 2 Type II Attestation

ISO 27017 Cloud Security

PCI DSS v4.0 Compliance

Audit Reports

Detailed audit reports with findings, recommendations, and remediation tracking for all infrastructure operations.

Document	Period	Auditor	Type
SOC 2 Readiness Assessment	FY 2025	PwC	Readiness Assessment
ISO 27001 Gap Analysis	FY 2025	BSI Group	Gap Analysis
Penetration Test Report	Annual	TrustedSec	Penetration Test
Cloud Security	FY 2025	KPMG	Cloud Security Assessment
GDPR DPIA	FY 2025	Ernst & Young	DPIA Assessment
CNDP Registration	FY 2025	CNDP	Data Protection Registration
BC Test	FY 2025	Deloitte	Business Continuity

DPA

Data Processing Agreement

Data Processing Agreements ensuring compliant handling of personal data across all service tiers.

Data minimization principles

Purpose limitation enforcement

Storage limitation policies

Data subject rights support

Processing records maintained

International transfer safeguards

Quick Reference

Governing LawMoroccan law with international arbitration fallback

Data ControllerHarch Corp as data controller with defined processing purposes

Data ProcessorAuthorized processors with GDPR-compliant sub-processing agreements

Sub-ProcessorsPublicly listed sub-processors with 30-day change notice

Breach Notification72-hour notification to supervisory authority per GDPR Article 33

Audit RightAnnual on-site audit with 30-day advance notice

Data DeletionData deleted within 30 days of contract termination

Cross-Border TransferStandard contractual clauses and adequacy decisions

Get Started

Explore our technical glossary and API documentation.

Request Briefing Back to Trust Center

HARCH|CORP

BlogCompliance

Compliance

Compliance Center

Comprehensive compliance management for sovereign infrastructure with automated monitoring and reporting.

Certifications

Internationally recognized certifications validating our commitment to security, privacy, and operational excellence.

SOC 2 Type II

Soc2 Full Name

Status In Progress

SOC 2 Type II attestation demonstrating robust controls for security, availability, and confidentiality.

Scope

Soc2 Scope

Region

Global Region

Last Audit

Pending

ISO 27001

Iso27001 Full Name

Status In Progress

ISO 27001 certification for information security management systems across all operations.

Scope

Iso27001 Scope

Region

Global Region

Last Audit

Pending

ISO 22301

Iso22301 Full Name

Status In Progress

ISO 22301 certification for business continuity management systems ensuring operational resilience.

Scope

Iso22301 Scope

Region

Global Region

Last Audit

Pending

GDPR

General Data Protection Regulation

Status Achieved

Full compliance with the General Data Protection Regulation for European data protection standards.

Scope

Gdpr Scope

Region

EU Region

Last Audit

Ongoing

CCPA

California Consumer Privacy Act

Status Achieved

Full compliance with the California Consumer Privacy Act, ensuring consumer data rights and transparency.

Scope

Ccpa Scope

Region

US Region

Last Audit

Ongoing

Moroccan DPA

Moroccan Dpa Full Name

Status Achieved

Compliance with Moroccan data protection authority (CNDP) regulations for sovereign data residency.

Scope

Moroccan Dpa Scope

Region

Morocco Region

Auditor

Moroccan Dpa Auditor

Last Audit

Jun 2025

ISO 27017

Iso27017 Full Name

Status In Progress

ISO 27017 certification for cloud-specific information security controls and best practices.

Scope

Iso27017 Scope

Region

Global Region

Last Audit

Pending

ISO 27018

Iso27018 Full Name

Status In Progress

ISO 27018 certification for personally identifiable information protection in public clouds.

Scope

Iso27018 Scope

Region

Global Region

Last Audit

Pending

PCI DSS

Pci Dss Full Name

Status In Progress

PCI DSS compliance for secure payment processing across all financial infrastructure.

Scope

Pci Dss Scope

Region

Global Region

Last Audit

Pending

CSA STAR Level 2

Csa Star Full Name

Status In Progress

CSA STAR certification demonstrating our commitment to cloud security best practices.

Scope

Csa Star Scope

Region

Global Region

Last Audit

Pending

HITRUST CSF

HITRUST Common Security Framework

Status Planned

HITRUST CSF certification demonstrating healthcare data security and compliance readiness.

Scope

Hitrust Scope

Region

Global Region

Last Audit

Pending

FedRAMP

Federal Risk and Authorization Management Program

Status Planned

Federal Risk and Authorization Management Program authorization for government cloud services.

Scope

Fedramp Scope

Region

US Region

Last Audit

Pending

Regional Programs

Regional Compliance

Regional compliance frameworks ensuring data residency and regulatory adherence across all operating jurisdictions.

Morocco

Regional Programs

Compliance with Moroccan data protection law (CNDP), ANRT regulations, and sovereign data residency requirements.

Active Certifications

CNDP Registration

ANRT Telecom Compliance

Moroccan Data Residency

Sovereign Cloud Certification

European Union

Regional Programs

Full GDPR compliance with EU data protection standards, cross-border transfer safeguards, and data subject rights.

Active Certifications

GDPR Compliance

EU-US Data Privacy Framework

eIDAS Regulation

NIS2 Directive Compliance

Africa

Regional Programs

Compliance with African Union data protection frameworks and national data sovereignty regulations across operating markets.

Active Certifications

CNDP Compliance

AU Data Protection Framework

Moroccan ANRT Regulations

African Continental Free Trade Compliance

Global

Regional Programs

International compliance standards including ISO certifications, SOC 2, and industry-specific regulatory frameworks.

Active Certifications

ISO 27001 Certification

SOC 2 Type II Attestation

ISO 27017 Cloud Security

PCI DSS v4.0 Compliance

Audit Reports

Detailed audit reports with findings, recommendations, and remediation tracking for all infrastructure operations.

Document	Period	Auditor	Type
SOC 2 Readiness Assessment	FY 2025	PwC	Readiness Assessment
ISO 27001 Gap Analysis	FY 2025	BSI Group	Gap Analysis
Penetration Test Report	Annual	TrustedSec	Penetration Test
Cloud Security	FY 2025	KPMG	Cloud Security Assessment
GDPR DPIA	FY 2025	Ernst & Young	DPIA Assessment
CNDP Registration	FY 2025	CNDP	Data Protection Registration
BC Test	FY 2025	Deloitte	Business Continuity

DPA

Data Processing Agreement

Data Processing Agreements ensuring compliant handling of personal data across all service tiers.

Data minimization principles

Purpose limitation enforcement

Storage limitation policies

Data subject rights support

Processing records maintained

International transfer safeguards

Quick Reference

Governing LawMoroccan law with international arbitration fallback

Data ControllerHarch Corp as data controller with defined processing purposes

Data ProcessorAuthorized processors with GDPR-compliant sub-processing agreements

Sub-ProcessorsPublicly listed sub-processors with 30-day change notice

Breach Notification72-hour notification to supervisory authority per GDPR Article 33

Audit RightAnnual on-site audit with 30-day advance notice

Data DeletionData deleted within 30 days of contract termination

Cross-Border TransferStandard contractual clauses and adequacy decisions

Get Started

Explore our technical glossary and API documentation.

Request Briefing Back to Trust Center