Compyl

Security at Compyl — encrypted, monitored, and independently audited.

Scale your organization securely with Compyl, the GRC platform built by security practitioners. Data security, application security, and infrastructure security are designed in from day one, monitored continuously, and proven by an independently audited SOC 2 Type II.

SOC 2 Type II independently audited
Encrypted in transit & at rest
Monitored 24/7, daily
Security posture (app.compyl.com), monitored 24/7:
Data Security: encrypted, Azure Key Vault, Blob Storage
Application Security: third-party pen tests, API keys vaulted
Infrastructure Security: Azure Web Apps, Private Endpoints, HTTPS
Encryption everywhere: TLS 1.2+ in transit, AES-256 at rest, 100% of calls
SOC 2 Type II: independently audited against the AICPA Trust Services Criteria, report available on request
Continuous monitoring: 1,000s of environments scanned daily, errors logged in Azure

How does Compyl keep my data secure?

Compyl encrypts all customer data and stores it in secure databases, with files encrypted in Microsoft Blob Storage, secrets and API keys held in Azure Key Vault, identity managed through Microsoft Identity and Authorization, and access restricted by secure private endpoints. The application runs on Microsoft Azure with a REST API microservices architecture, is continuously evaluated by leading third-party penetration testing partners, and every call to and from your environment is secured over HTTPS. Compyl backs it with an independently audited SOC 2 Type II report.

We are a trusted partner

Three layers of security, built in

Compyl protects your data, your applications, and the infrastructure they run on — using the same security stack we help our customers govern.

Data Security

Compyl monitors customer environments and stores all data in secure databases, with encryption protecting every asset. We use tools like Azure Key Vault, Microsoft Identity, Microsoft Authorization, and secure private endpoints. All files uploaded to Compyl are encrypted and stored in Microsoft Blob Storage.

Application Security

Compyl partners with many of the world’s leading third-party penetration testing services. We constantly evaluate the source code, running applications, and deployed environments. API keys are stored in Azure Key Vault, the app is covered by unit and automation testing, and internal errors are logged in Microsoft Log Analytics.

Infrastructure Security

Compyl uses Azure Web Apps to host customer environments and leverages the full Azure security ecosystem — Key Vault, Blob Storage, Log Analytics, Virtual Networks, and Private Endpoints. The application is powered by a REST API microservices architecture, and every call to and from your environment is secured with HTTPS.

  •   Found a security issue? Report it through our responsible disclosure process — our security team investigates every report.
  • We practice what we preach

    We run the same program we sell

    Compyl was built by information security experts — so our own posture is held to the standard we help thousands of teams reach. We maintain an independently audited SOC 2 Type II and monitor our environments every day.

    SOC 2 Type II
    AICPA SOC
    Encrypted by default
    Hosted on Microsoft Azure
    By the numbers

    Monitoring thousands of environments daily

    1,000s: environments monitored every day
    SOC 2 Type II: independently audited
    AES-256: encryption at rest, TLS in transit
    100%: calls secured over HTTPS

    Recognized by users on G2

    Rated a leader by the teams who use it

    G2 High Performer, Mid-Market
    G2 Momentum Leader
    G2 Fastest Implementation, Go-Live Time
    G2 Best Support, Quality of Support
    G2 Best Meets Requirements, Mid-Market
    FAQ

    Security questions, answered

    Yes. Compyl maintains a SOC 2 Type II report, independently audited against the AICPA Trust Services Criteria. Customers and prospects can request the report through our team.

    All customer data is encrypted and stored in secure databases. Uploaded files are encrypted and stored in Microsoft Blob Storage, secrets and API keys are held in Azure Key Vault, identity and authorization run on Microsoft Identity, and access is restricted with secure private endpoints.

    Compyl runs on Microsoft Azure using Azure Web Apps, and leverages Azure security products including Key Vault, Blob Storage, Log Analytics, Virtual Networks, and Private Endpoints. The application uses a REST API microservices architecture, and every call to and from a customer environment is secured over HTTPS.

    Yes. Compyl partners with leading third-party penetration testing services and continuously evaluates source code, running applications, and deployed environments — backed by unit and automation testing, with centralized error logging in Microsoft Log Analytics.

    If you’ve found a potential vulnerability, please reach out through our responsible disclosure process so our security team can investigate and respond.

    GRC YOUR WAY

    Rapidly mature your security program with Compyl

    An all-in-one, streamlined GRC platform created by information security experts — built secure, monitored continuously, and independently audited.
