Hosting Compliance

PortlandLabs has third party validation for hundreds of global compliance requirements that we continually monitor to help you meet  the security and compliance standards you need to maintain your own compliance and/or peace of mind. 

PortlandLabs is the founders and maintainers of Concrete CMS (concrete5). For security information for that open source project please visit

For information on PortlandLabs Concrete CMS Hosting Security please visit Concrete CMS Hosting Security

ISO 27001 Certified

This certification proves that Portlandlabs has a robust security and risk management program! Ask us for our ISO 27001 Certificate.

SOC 2 Type 2 Compliant

Ask for PortlandLabs latest SOC 2 Type 2 report for Concrete CMS Hosting.  Included in scope is the development of the open source Concrete CMS as well.

We regularly review the SOC 2 reports of the organizations in PortlandLabs Web Hosting supply chain. Think of SOC 2 like Russian nesting dolls with PortlandLabs SOC 2 compliance building upon the SOC 2 compliance of our cloud service providers. 

Carve Outs include AWS, Atlassian (Jira, Confluence, Bitbucket), Google Cloud, New Relic. 


FedRAMP is a US Government certification with extremely rigorous requirements. 

PortlandLabs meets all the controls required to be FedRAMP Moderate certified to the DoD Impact Level 2 (IL2 level). We perform all the necessary Continuous Monitoring. 

Interested in having your sites be hosted in our FedRAMP specific environment? Need more information? Let’s talk about how we meet the FedRAMP controls. We are happy to provide a customer responsibility matrix of what your Agency responsibilities would be. Ask below!

Do you need a US Government PIV authentication and authorization capability for your website administration and editing? We license versions of the Employee portal used by the U.S. Army!


Our external audits also provide independent proof that PortlandLabs hosting meet HIPAA and HITECH controls. Hosting your website with PortlandLabs will keep you in compliance with PCI.

Interested in more details?

Just ask below: 


We appreciate your privacy and security. We'll never sell or mishandle your data, and you can unsubscribe at any time. Learn more about our privacy protection.



Open source, but fully supported.

Concrete CMS is free and open source under the MIT license, and is fully ISO:27001 compliant out of the box. If your organization's IT and compliance groups want to manage the platform yourself, you're welcome to!

If your team would rather focus on content, the team behind Concrete can host your website for you and help you maintain a safe, secure and compliant web presence. We have a detailed understanding of compliance requirements and security is baked into our processes from the ground up. You'll be able to sleep soundly knowing our people are watching out for your public presence on the web. 

Support contracts are here to provide value & safety when you need it, but are never a requirement. You'll never get roped into some license fee you don't understand and can't control. You'll always own your content and your copy of the CMS, we're just eager to help if we can provide value.