Security & Compliance

How we protect your data and ensure regulatory compliance

Our Approach

Security is fundamental to our regulatory certification business. We operate a 100% cloud-native infrastructure on AWS, designed with security best practices from the ground up. While we are a small, specialized operation, we apply professional security controls at every layer of our platform.

Infrastructure Security

All our infrastructure runs on Amazon Web Services (AWS), which maintains SOC 2 Type II, ISO 27001, and over 140 security standards.

Hosting on AWS Amplify with global CDN via CloudFront

PostgreSQL database on AWS RDS with AES-256 encryption at rest

Database connections protected with TLS in transit

DNS managed via AWS Route 53 with DNSSEC protection

Automated daily backups with point-in-time recovery (35-day retention)

Infrastructure and application monitoring via AWS CloudWatch

Application Security

Our development process incorporates security practices at every stage of the development lifecycle.

Authentication managed by Clerk with role-based access control (RBAC)

Development workflow with separate branches and code review via pull requests

Separate development and production environments

Production data is not used in development environments

HTTPS enforced on all connections

Security headers configured (HSTS, X-Content-Type-Options, X-Frame-Options)

Access Control

We implement the principle of least privilege at all levels of access to our platform and infrastructure.

AWS IAM with multi-factor authentication (MFA) for administrators

Role-based access control for the platform (admin, user)

Source code in private GitHub repository with restricted access

Credentials and secrets stored in environment variables, never in source code

Email Security

Our email communications are protected with industry authentication standards.

Google Workspace with TLS encryption in transit

DKIM configured and verified (97.5% pass rate)

SPF with hardfail policy for spoofing prevention

DMARC in implementation

Endpoint Security

All work devices are equipped with OS-level security protections.

macOS with FileVault enabled (full disk encryption)

XProtect for malware protection

Gatekeeper for application verification

Automatic OS security updates

Data Handling

It's important to understand the nature of the data we process on our certification platform.

The data we process is public regulatory information. Per SUBTEL Resolution 737, this information must be published on a publicly accessible website via QR code. We do not store or process confidential, financial, or sensitive personal data from our clients.

Equipment technical specifications (frequencies, power, modulation) — public information by regulatory requirement

Test reports and testing documentation — technical compliance documentation

Declarations of conformity — texts required by SUBTEL regulations

Minimal commercial contact data (company name, contact email) — stored with encryption

Regulatory Compliance

We operate in strict compliance with Chilean telecommunications regulations and data protection laws.

Full compliance with SUBTEL Resolutions 1985, 737, and 2219

Adherence to Chile's Law 19,628 on Personal Data Protection

21+ years of experience in telecommunications regulatory certification

Processes aligned with the technical specifications of the Undersecretariat of Telecommunications

Our Providers' Certifications

Our infrastructure relies on providers that maintain the highest industry security certifications.

Amazon Web Services (AWS)

SOC 2 Type II, ISO 27001, ISO 27017, ISO 27018, PCI DSS Level 1

Google Workspace

SOC 2, SOC 3, ISO 27001, ISO 27017, ISO 27018

Clerk (Authentication)

SOC 2 Type II, GDPR

Security Contact

If you have questions about our security practices or wish to report a concern, contact us directly.

diego@certificacion-telecom.cl

Last updated: March 2026