Security at Assima

Key Features

Integrated identity & access management

Assima provides an integrated identity management solution for its customer that includes:

Assima Authentication

Assima’s built-in Role-Based Authentication Control(RBAC) offers the ability to create fine-grained access control policies. These policies enable our users to protect sensitive resources and enforce authorization decisions.

Enterprise Integration

Assima’s SSO support enables enterprises to use the platform with their own centralized Identity and Access Management System. This enables our clients to enforce their compliance requirements, maintain internal onboarding and off-boarding procedures and allow their users to seamlessly and securely sign-in with their corporate accounts.

Information governance

Assima offers flexible governance and risk-management capabilities. This includes global retention policies, data protection policies, and custom terms of service.

Data Protection

Privacy by design and by default

Privacy is embedded into the design and architecture of Assima’s products and services. By default, privacy is built into the solutions and is an integral part of the Assima products. With Assima, you have the option to protect your data by bringing your own key (BYOK), and using tools such as audit logs, and client-side encryption.

All data is encrypted at rest and in transit.

Assima gives you the option to mask sensitive data before uploading content into a system.

By default, our solution only requires the necessary data to create content.


Our growing client base requires the highest level of trust when it comes to security and data protection. We earn it continuously through our commitment to proactive security improvements. Assima is subject to independent, third-party audits to test for continued conformity.

ISO/IEC 27001

Information Security Management System (ISMS)

ISO/IEC 27701

Privacy Information Management System (PIMS).

EU General Data Protection Regulation (GDPR)

Assima is committed to the privacy and protection of personally identifiable information (PII) as defined under the General Data Protection Regulation (GDPR). Assima has taken all reasonable steps to ensure that it complies with the data protection laws.

Data residence

Assima gives customers the option to house data in a data center in North America or Europe to meet data localization requirements and to comply with applicable data protection laws.

Why Assima joined the world’s first public cloud built for financial services by IBM

Assima is now ISO27001 certified