Security Certifications

3SS operates to the highest standards of data protection, privacy, and system integrity. Our certifications, audits, and ongoing testing practices demonstrate a continuous commitment to safeguarding client information and maintaining operational excellence.

SOC 2 Type II

Certified for Security, Availability, and Confidentiality
3SS has successfully completed an independent SOC 2 Type II audit, confirming the effectiveness of our controls across infrastructure, application security, and data management.

Covers the fiscal year period of July - June under the AICPA Trust Services Criteria.
Verifies ongoing monitoring, incident response, and risk management practices.
Includes testing of encryption, logical access, change management, and vendor oversight controls.

ISO/IEC 27001

Information Security Management System (ISMS)
ISO 27001 certification affirms that 3SS has a formalized, continuously improving ISMS.

Framework ensures confidentiality, integrity, and availability of data.
Annual recertification and internal audits verify control effectiveness.
Covers secure data storage, access control, risk assessment, and incident management.

GDPR & Global Privacy Compliance

3SS meets the requirements of the EU General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), Canadian Privacy Act and supports compliance for clients operating globally.

Data processing, consent, and retention aligned with regional regulations.
Configurable data anonymization and masking options.
Support for client-driven data deletion and subject access requests.

Certified Azure Data Centers

Our SaaS environment is hosted on Microsoft Azure, providing enterprise-grade infrastructure with global redundancy and built-in security.

ISO 27001, SOC 1, and SOC 2 certified data centers.
Continuous monitoring, DDoS protection, and intrusion detection.
Granular role-based access and geographic redundancy for uptime and resilience.

Penetration Testing & Vulnerability Management

We partner with independent cybersecurity firms to assess and strengthen our environment regularly.

Annual full-scope penetration test covering web application and network layers.
Quarterly vulnerability scans of cloud infrastructure.
Remediation tracked and validated under our secure change control process.
Continuous monitoring via Azure Defender and automated alerting systems.

Diagram showing key features of Microsoft Azure, including scalability, security, worldwide access, hybrid capability, and flexibility.

Operational Security Controls

Beyond certifications, 3SS maintains a robust operational security program.

Encryption – AES-256 encryption at rest, TLS 1.2+ for data in transit.
RBAC – Role-based access control on a least-privilege principle.
Environment Segregation – Clear separation between development, test, and production environments.
Audit Logging – Immutable logs ensure traceability and compliance visibility.

Request our Security Brief

Silhouette of a hand holding a padlock at sunset, with digital network lines and nodes overlaid, representing cybersecurity or digital security.

Silver and black shield-shaped badge with the text 'SOC 2 TYPE 2' and a blue circular emblem that says 'AICPA SOC'

ISO 27001 certification badge for information security management system.

Featured

3 Story Software Achieves SOC 2® Type II Compliance for 2024

We are excited to announce that we have successfully completed our System and Organization Controls (SOC) 2® Type II Audit for the period June 1, 2023, to June 30, 2024. The audit confirmed the effectiveness of our robust privacy practices, ensuring that sensitive customer information is fully protected.

3 Story Software (3SS) Recognized as a ‘Major Contender’ in Everest Group’s 2024 VMS PEAK Matrix® Assessment.

3 Story Software (3SS), a leading provider of contingent workforce management solutions, is proud to announce that it has been acknowledged as a ‘Major Contender’ in Everest Group’s 2024 Vendor Management System (VMS) PEAK Matrix® Assessment.

How to Assess Workforce Programs + Leveraging VMS for Optimal Results

Discover how to optimize your contingent workforce program through effective assessment and the strategic use of Vendor Management Systems (VMS). Learn key strategies for improving your workforce management and achieving better results. Read more to gain a competitive edge in your staffing operations.

Count on Savings: VMS Unleashed!

In today's dynamic business landscape, managing a contingent workforce program with precision and efficiency has become imperative for organizations seeking to optimize their operations. Implementing a Vendor Management System (VMS), also known as an Extended Workforce Management System (EWS), can be a game-changer in this regard, offering a multitude of benefits that go far beyond mere administrative streamlining.

3SS Global Compliance

Explore the world of compliance for contingent workforces across diverse international jurisdictions. Discover how 3SS empowers customers to navigate complex global regulations seamlessly.

3 Story Software Named a ‘Major Contender’ in Everest Group’s VMS PEAK Matrix® Assessment

3 Story Software (3SS), a leading provider of contingent workforce management solutions, is proud to announce that it has been acknowledged as a ‘Major Contender’ in Everest Group’s 2023 Vendor Management System (VMS) PEAK Matrix® Assessment.

What to Consider in Your VMS Proof of Concept (POC)

Implementing a new workforce management technology, and onboarding new clients with it, can be a challenging process that keeps contingent labor programs from engaging in new technology that might otherwise serve them.

3SS Upgrades its Diversity, Equity & Inclusion Features

3SS continues to grow and evolve with their clients globally by building a system that collects and provides relevant and actionable diversity data during the recruitment process.