Enterprise Security.
Compliance-Ready.
No Drama.

Broadcast is trusted by organizations of all sizes across all industries due to our deep commitment to security and compliance standards.

Last updated:
December 20, 2025

Why Security Teams Love Broadcast

Broadcast is a SOC 2 Type II internal communications platform with SSO, encryption, backups, and audit-ready controls.

Compliance

Built for Your Peace of Mind

GDPR

Broadcast supports GDPR-aligned data protection practices through strong security controls, access governance, and data handling procedures.

CCPA / CPRA

Broadcast supports customer obligations under CCPA and CPRA by enabling visibility, control, and secure handling of personal information.

VPAT

VPAT documentation is available upon request, and accessibility considerations are incorporated into product design and testing workflows, with ongoing efforts to align with applicable WCAG accessibility standards.

Broadcast supports GDPR and CCPA/CPRA requirements. VPAT available.

Data Security

Encryption in Transit and at Rest

All data is encrypted both in transit and at rest. Production data is continuously backed up to encrypted storage and supports restoration to specific points in time along a stream of database changes.

Full governance
TLS 1.2+ for data in transit
Full governance
AES-256 at rest
Full governance
HSTS to enforce HTTPS across domains/subdomains
Full governance
Encrypted backups with point-in-time recovery
Broadcast encrypts all data in transit using TLS 1.2+ and at rest using AES-256.

Identity & Access Management

Single-Sign-On (SSO)

Supports SAML-based SSO with common identity providers (e.g. Okta, Azure AD, Google Workspace). Authentication is delegated to the customer’s identity provider, allowing existing security controls to remain authoritative.

Full governance
Centralized authentication via customer identity provider
Full governance
Supports MFA and existing access policies through SSO
Cerkl requires background checks, training and most restrictive access controls for all employees.

Application Security

Secure Development and Testing

Broadcast applies disciplined application security practices throughout the software development lifecycle, combining peer review, automated testing, and ongoing dependency and infrastructure maintenance to reduce risk in production systems.

Full governance
Peer-reviewed code changes before release
Full governance
Automated vulnerability and dependency scanning (OWASP Top 10–aligned)
Full governance
Regular dependency updates and patching
Broadcast application security employs strict roles and permissions.

Device Security

Strong Security Controls

Work devices are centrally managed, fully encrypted, protected with endpoint security controls, and required to stay up-to-date. Access to internal tools is protected with SSO and MFA.

Full governance
SSO + MFA required for internal tooling
Full governance
Real-time malware detection
Cerkl employees strict device control procedures including SSO and MFA.

Security and Compliance FAQs

Answers to common questions about SOC 2 Type II, SSO (SAML), encryption, backups, privacy regulations, and accessibility.

If you still have questions, just ask us!
Is Cerkl Broadcast SOC 2 Type II certified?
Cerkl Broadcast is SOC 2 Type II certified. SOC reports are available upon request as part of a security review.
Does Cerkl support Single Sign-On (SSO)?
Yes. Broadcast supports SSO via SAML with common identity providers. Customers can enforce MFA and access policies through their identity provider.
How is data encrypted at rest?
Data stored by Broadcast is encrypted at rest using AES-256. Additional encryption protections may be applied to certain sensitive values.
How is data encrypted in transit?
Data in transit is protected using modern TLS (1.2+), encrypting traffic between users, systems, and Broadcast.
Do you maintain backups and support recovery?
Production data is backed up to encrypted storage and supports point-in-time recovery to restore data to a specific prior state.
Do you log and audit access?
Broadcast maintains logging for key system access and activity, and access is periodically reviewed and audited as part of security operations.
Do you support GDPR and CCPA/CPRA requirements?
Broadcast is designed to support customer privacy obligations through security controls, access governance, and data handling procedures. Customers remain responsible for configuring and using the platform in accordance with applicable laws.
Do you provide a VPAT?
VPAT documentation is available upon request. Accessibility considerations are incorporated into design and testing, with ongoing efforts to align with applicable WCAG standards.
Do you perform security testing and code review?
Code changes require peer review and must pass automated testing, including vulnerability and dependency scanning.
How are system issue notifications managed?
Broadcast system status can be monitored in near real-time via the Broadcast Status Page. You can also subscribe to receive notifications/alerts.

Where to next?

Let's discuss your environment

Schedule a chat
IT thanking internal communicators for selecting Cerkl Broadcast.

Learn more about our launch process

Learn more →
Internal communicators monitoring the launch of their Broadcast instance.