Pivotree Audits & Certifications

At Pivotree, we are committed to improving the confidentiality, integrity, and availability of our client’s information. As part of this commitment we have undertaken the process to continuously improve Pivotree’s information security posture by adopting and incorporating best practices into critical aspects of our business processes across the company. We understand that our clients require assurances around our practices and have committed to certify against widely accepted and internationally recognized standards and audits including the AT-101, ISO27001, and PCI DSS.

AT-101 SOC-2

Pivotree undergoes the process to perform a comprehensive SOC2 audit of its data centre operations. The audit is performed annually by AuditWerx. AT-101 (AT Section, 101 Attest Engagements) is an internationally recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA). This is important in today’s environment due to increased business process outsourcing and Sarbanes-Oxley compliance. Completion of the AT-101 SOC2 designations acknowledge that Pivotree’s processes and controls have been evaluated and tested by an independent service auditor. For publicly traded companies and companies in the health care, financial services, and insurance sectors, third-party validation of information security controls is often required by law. By outsourcing with Pivotree, companies can avoid the tens of thousands of dollars it costs to audit their own Data Centre operations.

ISO 27001

ISO/IEC 27001:2013 Information Security Standards (ISO 27001) is the international standard for which Pivotree was recommended by BSI in December 2008. ISO 27001 certification ensures a company has a best-in-class Information Security Management System (ISMS) and is the highest level of certification for Information Security that a managed service provider can achieve. Pivotree is one of the only IT service management companies in North America to achieve this certification. This certification reflects Pivotree’s dedication to the highest standards of Information Security for its customers.


ITIL (Information Technology Infrastructure Library) is the widely accepted framework of best practices for managing (IT) infrastructure, development and operations. Pivotree services and operational model follows ITIL best practices and ITIL training and certification is a standard for its IT operations staff. ITIL allows customers to integrate Pivotree’s services seamlessly into their own ITIL work flows and benefit from proven best practices for IT service management.

PCI Compliant

Pivotree has helped dozens of SaaS and E-Commerce clients implement controls and certify their environment to the PCI-DSS standard. Whether it’s meeting with third party auditing firms, producing technical documentation or touring Data Centre facilities, Pivotree maintains complete transparency of its managed services to ensure confidence in its operations and facilitate compliance activities. Pivotree clients can simplify the PCI-DSS compliance process by leveraging our advanced security services including security testing, WAF, PCI tokenization and more. Pivotree has also completed the certification process for its own internal credit card data systems as a level 4 merchant.

VISA PCI Certified

VISA PCI CertifiedPivotree is listed As Third Party Service Provider for MasterCard Worldwide and Visa Canada. These two compliance programs are designed to enhance the security of payment transactions, and Pivotree is listed as a Third Party Service Provider that can store, process, and transmit cardholder data on behalf of the card brands’ merchants. Credit card issuers and acquirers must use the PCI Data-Security Standard (PCI-DSS), and are responsible for ensuring that their merchants use service providers that are compliant with this standard. As a PCI-DSS compliant service provider, Pivotree successfully completed the mandatory registration and validation processes for both the MasterCard and Visa programs.

Microsoft Gold Certified Partner

Microsoft Gold Certified PartnerTo be a Microsoft Gold Certified Partner, Pivotree must demonstrate its expertise with Microsoft-based technologies. It must also demonstrate its ability to leverage Microsoft technologies to meet customer requirements for enterprise-class hosting solutions that balance performance, reliability, scalability, security and cost. Pivotree’s Gold Partner certification shows the depth and flexibility of its solutions engineering and technical services departments.

RedHat Enterprise Ready Hosting Partner

RedHat Ready Hosting PartnerOur technical support teams are certified experts in Red Hat Enterprise Linux. Pivotree supports a variety of open-source UNIX-type operating systems including: Ubuntu, Fedora, Debian and FreeBSD.