Certifications and Compliance
Cloud Security Compliance
To ensure that your personal and financial information is securely managed, Melissa has received a number of certifications.
Melissa takes data protection, data security, and legal compliance very seriously. That is why Melissa continuously undertakes independent security reviews. These certifications emphasize Melissa's commitment to safety and quality.
General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) is an EU regulation on data protection and privacy for all persons within the European Union (EU) and the European Economic Area (EEA). The GDPR aims primarily to give individuals control over their personal data and to ensure that this data is processed uniformly within the European Union.
We process your data in accordance with the GDPR. For more information, please read our Data Protection & Privacy.
SOC 2 Type 1 and Type 2
SOC 2 examinations are based on standards set forth by the American Institute of CPAs (AICPA). The process is widely recognized for establishing ethical and auditing practices for private companies, nonprofit organizations, and federal, state and local governments, and represents that a service organization has been through an evaluation of its control activities as they relate to the applicable Trust Services Principles and Criteria. Conducted in accordance with the AICPA’s SOC reporting standards, Melissa’s audit was executed by SSAE 16 Professionals, LLP, one of the nation's leading CPA firms performing SOC 2 examinations. Melissa has successfully obtained SOC 2 Type 1 and Type 2 certifications.
Type 1
SOC 2 Type 1 is a report on management’s description of the service organization's system and the suitability of the design of the controls.
Type 2
SOC 2 Type 2 is a report on management’s description of the service organization's system and the suitability of the design and operating effectiveness of the controls.
HIPAA and HITECH – Protected Health Information
Melissa conducts ongoing annual third-party assessments in order to certify its adherence to the security standards required by HIPAA and HITECH Common Security Framework.
This legislation regulates the use and disclosure of an individual’s health information in any format, known as Protected Health Information (PHI). PHI includes a wide set of personally identifiable health and health-related data, from insurance and billing information to diagnosis data, clinical care data, and lab results. These rules apply to “Covered Entities”, which include hospitals, medical services providers, employer-sponsored health plans, research facilities and insurance companies that deal directly with patients and patient data, as well as to “Business Associates”.
HIPAA was expanded by the Health Information Technology for Economic and Clinical Health Act in 2009. HIPAA and HITECH establish a set of federal standards intended to protect the security and privacy of PHI.
International Postal Certification
Melissa’s international address verification solutions are able to parse, analyze, correct, and format addresses according to local postal standards to ensure your mail gets to the right address. Melissa holds Canada Post SERP®, Royal Mail, and EIRcode® certifications for address verification in Canada, the United Kingdom, and Ireland. Melissa also holds USPS® CASS™/DPV®, USPS PAVE™, USPS NCOALink® and Canada Post® NCOA certifications for the United States and Canada.