Industry Standard Security and Compliance
We know you have professional and ethical obligations to ensure that your data is safe. We meet or exceed industry best practices to ensure that your data is accessible to you—and only you.
Flywire utilizes advanced antivirus to protect your data. We have partnered with Sentinel One to provide cutting edge malware and ransomware protection for our clients. SentinelOne doesn’t need any prior knowledge of an attack to detect it and remediate it. That’s because it applies machine learning and AI to continuously outflank attackers. Always evolving with theever-changing threat landscape, the SentinelOne platform is ready to stop types of attacks that don’t yet exist. So people can work, live, and use technology free from threats and unencumbered by intrusive security.
SOC 1 Type 2
This dual-standard report is intended to help Flywire customers and their auditors in evaluating the effect of the controls at Flywire on their financial statement assertions. The SOC 1 report attests that Flywire’s control objectives are appropriately designed and operating effectively.
Flywire is certified under ISO/IEC 27001:2013, which is an auditable international standard that formally outlines requirements for an Information Security Management System (ISMS) to help protect and secure an organization’s data.
SOC 2 Type 2
The SOC 2 report is an attestation report that provides an evaluation of controls specific to the criteria set forth by the American Institute of Certified Public Accountants (AICPA) Trust Services Principles. These principles define leading practice controls relevant to security, and availability.
SOC 3 Type 2
The SOC 3 report is a Trust Services Report, and is designed to meet the needs of Flywire customers that want assurance about Flywire’s controls related to security and availability but do not need the level of detail provided in a SOC 2 Report.
Level 1 Service Provider under PCI DSS
Flywire is certified under PCI DSS as a Level 1 service provider. This means that Flywire data centers, cloud infrastructure operations are PCI DSS compliant.
HIPAA / HITECH Security Rule Compliance Report (AT 101)
Flywire data centers and cloud infrastructure meet the stringent requirements for IT compliance with the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. We have implemented the physical, technical, and administrative safeguards to ensure that confidential electronic protected health information (ePHI) is secure.
EU-U.S. Privacy Shield Framework
Flywire is certified under the EU-U.S. Privacy Shield Framework.
Tier 3 Data Center
All of Flywire’s data is stored in a secure Tier 3 data center in Atlanta, Georgia. We also have a redundant backup system in Boston, Massachusetts as well.
Redundant Internet Connections
Our Tier 3 data center’s internet connection has redundancy. In the unlikely event we experience an outage with our primary internet service provider, we have not just one, but two different backup providers available.
In addition to reliable power from the grid, our data center has multiple uninterruptible power supplies and a backup diesel generator. We even have a backup backup generator for added protection.
Layers of Physical Security
Multiple layers of physical security ensure that only authorized personnel have access to our systems. We employ video surveillance, RFID security badges, PIN codes, biometric fingerprint scans, and server cabinet locks to maintain the integrity of our system.
We have multiple state-of-the-art firewalls to protect your data. In addition, we vigilantly monitor our servers 24/7 with intrusion detection software that senses, prevents, and disrupts hacking attempts.
We utilize high-grade secure socket layer (SSL) encryption to make sure no one is able to intercept your data in transmission from public networks like coffee shops or airports.
If you have any questions about our security measures, please contact us for more information.