Skip to main content

Other Compliance Frameworks

Files.com is frequently asked about a variety of regulatory and industry frameworks beyond our primary compliance certifications. This page summarizes our position on commonly referenced frameworks that may be relevant depending on customer-specific requirements or use cases.

FERPA (Family Educational Rights and Privacy Act)

This U.S. law governs the privacy of student education records. While FERPA does not have a formal certification process, Files.com offers access controls, encryption, and audit logging that can support institutional compliance efforts.

FedRAMP (Federal Risk and Authorization Management Program)

FedRAMP is a certification framework for cloud services used by U.S. federal agencies. Files.com is not FedRAMP-authorized and is not approved for use in federal cloud environments.

FIPS 140-3 (Federal Information Processing Standard - Cryptographic Module Validation)

FIPS 140-3 is a U.S. government standard that defines security requirements for cryptographic modules used in sensitive data environments. This was formerly known as FIPS 140-2.

Files.com does not currently offer FIPS 140-3 validated endpoints. Support for FIPS 140-3 is planned and expected to be introduced in 2026.

NDAA Section 889

This U.S. law restricts the use of certain foreign-made technologies in federal supply chains. Files.com is compliant with Section 889 and does not rely on restricted vendors or hardware.

CJIS (Criminal Justice Information Services Security Policy)

CJIS establishes security standards for systems that handle criminal justice information. Files.com is not certified for CJIS and is not recommended for use in environments subject to these requirements.

COPPA (Children's Online Privacy Protection Act)

COPPA regulates the collection of personal information from children under the age of 13. Files.com does not currently offer COPPA-specific functionality and is not intended for use in services directed at children.

21 CFR Part 11

21 CFR Part 11 governs the use of electronic records and electronic signatures in FDA-regulated industries. Files.com provides tools that can support compliance with Part 11, but compliant use of the platform depends on appropriate customer-side configuration.

WCAG / ADA (Web Content Accessibility Guidelines / Americans with Disabilities Act)

These standards promote accessible digital experiences. Files.com aligns with WCAG guidance and offers a Voluntary Product Accessibility Template (VPAT) upon request.

PIPEDA (Personal Information Protection and Electronic Documents Act)

PIPEDA is Canada’s national privacy law for private-sector organizations. Files.com supports PIPEDA compliance through configurable access controls, audit logging, and regional data storage options.

Privacy Shield

Files.com maintains legacy self-certification under the EU–U.S. and Swiss–U.S. Privacy Shield frameworks, which have been invalidated as lawful data transfer mechanisms.

ICO Registration (UK Information Commissioner's Office)

Files.com is not registered with the UK Information Commissioner’s Office (ICO), as our business operations do not require it under current UK data protection law.

ISO/IEC 27001 (Information Security Management Systems)

ISO 27001 is a global standard for managing information security risks. Files.com intends to pursue ISO 27001 certification in the future.

Get Instant Access to Files.com

The button below will take you to our Free Trial signup page. Click on the white "Start My Free Trial" button, then fill out the short form on the next page. Your account will be activated instantly. You can dive in and start yourself or let us help. The choice is yours.

Start My Free Trial