Security & Compliance

FedRAMP

Palladium is a FedRAMP Ready SaaS (Software-as-a-Service) platform which meets stringent Federal security requirements and is used extensively throughout the Federal Government. 

Federal-Grade Security: FedRAMP ensures our systems meet rigorous cybersecurity standards based on NIST 800-53 controls.  Authorization enables us to securely support U.S. federal agencies and handle sensitive government data.

Operational Transparency: Our systems undergo annual independent third-party assessments, including penetration and red team testing, to validate security posture and resilience.

Trust and Accountability: FedRAMP standards signal to all clients – public and private – that we prioritize data protection, compliance, and continuous improvement.

Palladium has completed numerous FedRAMP 3rd Party Assessment Organization (3PAO) audits conducted by Schellman at the Moderate level, is listed in the FedRAMP marketplace, and has numerous Authorities to Operate (ATOs) at Federal agencies including OPM, FDIC, OCC, the Air Force, and others. Palladium is publicly designated as FedRAMP Ready on the FedRAMP Marketplace at a Moderate impact level:  https://marketplace.fedramp.gov/products/FR2326160742

ISO 27001

PDRI is ISO 27001 certified by Schellman, showing that PDRI has a robust Information Security Management System (ISMS) in place to systematically manage and protect sensitive data. This provides numerous business and security benefits beyond simple compliance, including enhanced brand reputation, competitive advantage, and cost savings.  The scope of the ISO/IEC 27001:2022 certification is the ISMS supporting the Palladium software as a service (SaaS) system, in accordance with the statement of applicability.

Data Privacy: GDPR and the Digital Privacy Framework

At PDRI, your trust is our top priority. That’s why we comply with the European Union’s General Data Protection Regulation (GDPR) – a leading global standard for data privacy and protection.  Palladium has been third-party verified to comply with all relevant GDPR regulations.   Our GDPR compliance means:

Transparency: You know exactly how your data is used.

Security: Your personal information is protected by industry-leading safeguards.

Control: You have the right to access, correct, or delete your data at any time.

Trust: We meet the highest standards of privacy, giving you confidence in every interaction.

Additionally, we are proud to be certified under the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, further ensuring our data practices meet the highest standards of privacy and accountability. PDRI’s participation in the DPF program can be found by searching for “PDRI” on the Department of Commerce’s Data Privacy Framework List. Our certification enables the lawful and secure transfer of personal data from the EU and UK to the U.S.

Accessibility

At PDRI, we believe digital access is a right – not a privilege. That’s why our platforms are built Inclusive by Design to be accessible to everyone, including individuals with visual, auditory, cognitive, and motor disabilities.  Accessibility is a primary consideration during the requirements, design, development, and testing of the platform. We build and test based on 100% compliance with WCAG 2.2 AA and Section 508 requirements, have a 3rd party perform an annual WCAG audit, and can provide a Voluntary Product Accessibility Template (VPAT) if requested.

Additional Certifications in Progress

At PDRI, we’re committed to exceeding industry standards for data protection and privacy. That’s why we’re actively pursuing SOC 2 Type 2 and ISO 27701 certifications, with completion expected in Q4 of 2025.

These certifications will further validate our dedication to:

  • Operational Integrity: SOC 2 Type 2 demonstrates that our security controls are not only well-designed but also consistently followed over time.
  • Privacy by Design: ISO 27701 extends our ISO 27001 framework to include robust privacy management practices aligned with global regulations like GDPR and CCPA.
  • Client Confidence: These additional third-party audits provide independent assurance that we handle your data with the highest levels of care, transparency, and accountability.

By investing in these certifications, we’re not just checking boxes – we’re reinforcing our role as a trusted partner for organizations that demand secure, compliant, and privacy-conscious solutions.
