Other Compliance Frameworks
Customers frequently ask about regulatory and industry frameworks beyond Files.com's primary compliance certifications. This page covers Files.com's position on the frameworks that come up most often, including the ones where Files.com is not certified.
FERPA (Family Educational Rights and Privacy Act)
FERPA is a U.S. law governing the privacy of student education records. FERPA does not have a formal certification process. Files.com offers access controls, encryption, and audit logging that support institutional compliance efforts.
Government Compliance Frameworks
Files.com is not currently authorized for use when compliance frameworks including FedRAMP, StateRAMP, and TX-RAMP are required. Files.com intends to pursue these frameworks and welcomes customers who want to help get Files.com onto the list of authorized vendors.
FIPS 140-3 (Federal Information Processing Standard — Cryptographic Module Validation)
FIPS 140-3 is a U.S. government standard that defines security requirements for cryptographic modules used in sensitive data environments. It was formerly known as FIPS 140-2.
Files.com does not currently offer FIPS 140-3 validated endpoints. Support for FIPS 140-3 is planned for 2026.
NDAA Section 889
NDAA Section 889 is a U.S. law restricting the use of certain foreign-made technologies in federal supply chains. Files.com is compliant with Section 889 and does not rely on restricted vendors or hardware.
CJIS (Criminal Justice Information Services Security Policy)
CJIS establishes security standards for systems that handle criminal justice information. Files.com is not certified for CJIS and is not recommended for environments subject to these requirements.
COPPA (Children's Online Privacy Protection Act)
COPPA regulates the collection of personal information from children under the age of 13. Files.com does not currently offer COPPA-specific functionality and is not intended for use in services directed at children.
21 CFR Part 11
21 CFR Part 11 governs the use of electronic records and electronic signatures in FDA-regulated industries. Files.com provides tools that support compliance with Part 11. Compliant use of the platform depends on appropriate customer-side configuration.
WCAG / ADA (Web Content Accessibility Guidelines / Americans with Disabilities Act)
These standards promote accessible digital experiences. Files.com aligns with WCAG guidance and offers a Voluntary Product Accessibility Template (VPAT) upon request.
PIPEDA (Personal Information Protection and Electronic Documents Act)
PIPEDA is Canada's national privacy law for private-sector organizations. Files.com supports PIPEDA compliance through configurable access controls, audit logging, and regional data storage options.
Privacy Shield
Files.com maintains legacy self-certification under the EU-U.S. and Swiss-U.S. Privacy Shield frameworks, which have been invalidated as lawful data transfer mechanisms.
ICO Registration (UK Information Commissioner's Office)
Files.com is not registered with the UK Information Commissioner's Office (ICO). Files.com's business operations do not require registration under current UK data protection law.
ISO/IEC 27001 (Information Security Management Systems)
ISO 27001 is a global standard for managing information security risks. Files.com intends to pursue ISO 27001 certification in the future.
NIS2 Directive (EU Network and Information Security Directive)
NIS2 is a European Union directive that strengthens cybersecurity risk management and reporting requirements for essential and important entities. Files.com is not directly subject to NIS2 and supports customer compliance through security controls, incident response procedures, and audit logging.
Get The File Orchestration Platform Today
4,000+ organizations trust Files.com for mission-critical file operations. Start your free trial now and build your first flow in 60 seconds.
No credit card required • 7-day free trial • Setup in minutes