File Transfers Remain Compliant with Security Standards

GDPR, GxP, PCI DSS and HIPAA compliant file sharing can be maintained with cloud managed file transfer (MFT) solutions that have several key security features, including

  • Encryption in transit and at rest
  • Role-based access controls
  • Multi-level retention policies
  • Audit and logging

secure file transfer compliance


If your business processes personal data of any EU citizens or residents, you must comply with General Data Protection Regulation (GDPR). By securing data in transit and at rest, Thru can help your business remain compliant.
GDPR compliance information »
Thru GDPR Compliance Policy »


GxP refers to general “good practices” in regard to quality guidelines and regulations, with the “x” standing for various fields or industries. Thru has core features that enable compliance to GxP and FDA 21 CFR Part 11. Key functionality for creating, storing and managing GxP-regulated files includes granular audit, role-based access controls, end-to-end encryption (E2EE) and antivirus scanning.
GxP and FDA 21 CFR Part 11 compliance information »
Thru GxP Compliance Policy »


Health Insurance Portability and Accountability Act (HIPAA) was put in place in 1996 to protect patients’ protected health information (PHI). Any company that has access to PHI must achieve and maintain HIPAA compliance. Thru’s tracking and monitoring capabilities can help maintain compliance.
HIPAA compliance information »
Thru HIPAA Compliance Policy »


The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards that protects debit and credit cardholders from fraud. Several features of MFT solutions, such as encryption in transit and at rest, antivirus scanning, role-based access controls and tracking, help companies achieve compliance.
How MFT Helps with PCI Compliance »

Data Center Certification

Thru runs in certified Microsoft Azure data centers in the United States, United Kingdom, Germany and Australia. Azure data centers are compliant with the following security standards:

  • SSAE 18 / ISAE 3402 (previously SAS 70)
  • SOC 3 SysTrust
  • ISO 27001
  • PCI Level 1 Service Provider Certified
  • Tier III Standards Compliant

How to Keep Files Secure at Rest »

Azure Compliance (External) »

Third-Party Security Assessments & Certificates

Thru has been assessed by third-party vendors and complete results reports are available upon request:

SecurityScorecard logo

bitsight technology logo

CyberVadis logo

Cyber Essentials Certified logo

Audit & Logging

An administrator can easily produce an audit trail for all files that pass through our secure file transfer solution. Thru’s MFT solution records granular details of secure file transfer activity, user actions, metadata and any changes to records in the system. These logs can be viewed in dashboards, manually downloaded or consumed over APIs.

Monitor & Audit Logs for Secure File Transfer »

Retention Policies

Thru supports multiple levels of data retention, allowing organizations to clear processed files either by purging or archiving after a specified period in accordance with corporate policies and industry or government regulations.

How to Manage Retention for Secure File Transfers »

Service Level Agreement (SLA)

Thru continues to work diligently to ensure our hardware and technology is the most reliable in our industry. By focusing on infrastructure and reliability, Thru provides a standard SLA of 99.9%.
SLA for managed file transfer »
Thru Service Level Agreement (SLA) »

Business Continuity

Thru has an up-to-date business continuity plan. Annual business continuity tests and exercises ensure response teams understand their roles and responsibilities. Compliance is demonstrated through a formal governance process.
Thru Business Continuity Plan »

Corporate Privacy Policy

For information about Thru’s corporate privacy and compliance:
Thru Privacy Policy »

Secure File Transfer Overview

Besides helping your company remain compliant, Thru has strong security measures in place to protect files, provide strong authentication and prevent business disruption.


Have questions about security and compliance for file transfers?

Get answers, not a sales pitch. Since 2002, we have addressed and solved secure file transfer challenges.


Scroll to Top