Remain Compliant with
IT Security Standards

Cloud managed file transfer (MFT) solutions have several key features to help achieve compliance, including

  • Encryption in transit and at rest
  • Role-based access controls
  • Multi-level retention policies
  • Audit and logging

secure file transfer compliance


If your business processes personal data of any EU citizens or residents, you must comply with General Data Protection Regulation (GDPR). By securing data in transit and at rest, Thru can help your business remain compliant.
GDPR compliance »


Health Insurance Portability and Accountability Act (HIPAA) was put in place in 1996 to protect patients’ protected health information (PHI). Any company that has access to PHI must achieve and maintain HIPAA compliance. Thru’s tracking and monitoring capabilities can help maintain compliance.
HIPAA compliance »


The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards that protects debit and credit cardholders from fraud. Several features of MFT solutions, such as encryption in transit and at rest, antivirus scanning, role-based access controls and tracking, help companies achieve compliance.
PCI compliance »

Data Center Certification

Thru runs in certified Microsoft Azure data centers in the United States, United Kingdom, Germany and Australia. Azure data centers are compliant with the following security standards:

  • SSAE 18 / ISAE 3402 (previously SAS 70)
  • SOC 3 SysTrust
  • ISO 27001
  • PCI Level 1 Service Provider Certified
  • Tier III Standards Compliant

File Security at Rest »

Azure Compliance (External) »

Retention Policies

Thru supports multiple levels of data retention, allowing organizations to clear processed files either by purging or archiving after a specified period in accordance with corporate policies and industry or government regulations.

Data Retention »

Audit & Logging

An administrator can easily produce an audit trail for all files that pass through our secure file transfer solution. Thru’s MFT solution records granular details of secure file transfer activity, user actions, metadata and any changes to records in the system. These logs can be viewed in dashboards, manually downloaded or consumed over APIs.

Audit logging »

Service Level Agreement (SLA)

Thru continues to work diligently to ensure our hardware and technology is the most reliable in our industry. By focusing on infrastructure and reliability, Thru provides a standard SLA of 99.9%.
Service Level Agreements »

Business Continuity

Thru has an up-to-date business continuity plan. Annual business continuity tests and exercises ensure response teams understand their roles and responsibilities. Compliance is demonstrated through a formal governance process.

Third-Party Security Assessments

Thru has been assessed by third-party vendors and complete results reports are available upon request:

  • CyberVadis: 794 / 1000 for a rating of Developed.
  • SecurityScorecard: 97% Security Score.

CyberVadis Security Assessment »

SecurityScorecard Security Rating »

Corporate Privacy Policy

For information about Thru’s corporate privacy and compliance:
Privacy Policy »

Secure File Transfer Overview

Besides helping your company remain compliant, Thru has strong security measures in place to protect files, provide strong authentication and prevent business disruption.


Have questions about security and compliance for file transfers?

Get answers, not a sales pitch. Since 2002, we have addressed and solved secure file transfer challenges.


Scroll to Top