INCLUDED IN ALL PLANS

Enterprise Security.
Compliance-Ready.

Broadcast is trusted by organizations of all sizes across all industries due to our deep commitment to security and compliance standards.

Last updated:
April 15, 2026

Why Security Teams Love Broadcast

Broadcast is a SOC 2 Type II internal communications platform with SSO, encryption, backups, and audit-ready controls.

Cerkl Broadcast aligns with global industry privacy practices such as GDPR and CCPA.

Compliance

GDPR

Broadcast supports GDPR-aligned data protection practices through strong security controls, access governance, and data handling procedures.

CCPA / CPRA

Broadcast supports customer obligations under CCPA and CPRA by enabling visibility, control, and secure handling of personal information.

VPAT

Accessibility considerations are incorporated into product design and testing workflows to align with applicable WCAG 2.1 Level AA. VPAT documentation is available upon request.

Cerkl Broadcast uses the latest in encryption technology.

Data Security

Encryption in Transit and at Rest

All data is encrypted both in transit and at rest. Production data is continuously backed up to encrypted storage and supports restoration to specific points in time along a stream of database changes.

Full governance
TLS 1.2+ for data in transit
Full governance
AES-256 at rest
Full governance
HSTS to enforce HTTPS across domains/subdomains
Full governance
Encrypted backups with point-in-time recovery
Cerkl Broadcast easily integrates with all major identity providers.

Identity & Access Management

Single Sign-On (SSO)

Supports SAML-based SSO with common identity providers (e.g. Okta, Azure AD, Google Workspace). Authentication is delegated to the customer’s identity provider, allowing existing security controls to remain authoritative.

Full governance
Centralized authentication via customer identity provider
Full governance
Supports MFA and existing access policies through SSO
Cerkl Broadcast is SOC2, Type 2 compliant.

Application Security

Secure Development and Testing

Broadcast applies disciplined application security practices throughout the software development lifecycle, combining peer review, automated testing, and ongoing dependency and infrastructure maintenance to reduce risk in production systems.

Full governance
Peer-reviewed code changes before release
Full governance
Automated vulnerability and dependency scanning (OWASP Top 10–aligned)
Cerkl Broadcast adheres to best practices for device security.

Device Security

Strong Security Controls

Work devices are centrally managed, fully encrypted, protected with endpoint security controls, and required to stay up-to-date. Access to internal tools is protected with SSO and MFA.

Full governance
SSO + MFA required
Full governance
Real-time malware detection

Security and Compliance FAQs

Answers to common questions about SOC 2 Type II, SSO (SAML), encryption, backups, privacy regulations, and accessibility.

If you still have questions, just ask us!
Is Cerkl Broadcast SOC 2 Type II certified?
Cerkl Broadcast is SOC 2 Type II certified. SOC reports are available upon request as part of a security review.
Does Cerkl support Single Sign-On (SSO)?
Yes. Broadcast supports SSO via SAML with common identity providers. Customers can enforce MFA and access policies through their identity provider.
How is data encrypted at rest?
Data stored by Broadcast is encrypted at rest using AES-256. Additional encryption protections may be applied to certain sensitive values.
How is data encrypted in transit?
Data in transit is protected using modern TLS (1.2+), encrypting traffic between users, systems, and Broadcast.
Do you maintain backups and support recovery?
Production data is backed up to encrypted storage and supports point-in-time recovery to restore data to a specific prior state.
Do you log and audit access?
Broadcast maintains logging for key system access and activity, and access is periodically reviewed and audited as part of security operations.
Do you support GDPR and CCPA/CPRA requirements?
Broadcast is designed to support customer privacy obligations through security controls, access governance, and data handling procedures. Customers remain responsible for configuring and using the platform in accordance with applicable laws.
Do you provide a VPAT?
Yes. VPAT documentation is available upon request. Broadcast supports the latest WCAG 2.1 Level AA requirements.
Do you perform security testing and code review?
Code changes require peer review and must pass automated testing, including vulnerability and dependency scanning.
How are system issue notifications managed?
Broadcast system status can be monitored in near real-time via the Broadcast Status Page. You can also subscribe to receive notifications/alerts.

Where to next?

Let's discuss your environment

Schedule a chat
IT thanking internal communicators for selecting Cerkl Broadcast.

Learn more about our launch process

Learn more →
Internal communicators monitoring the launch of their Broadcast instance.