Nextworld recognizes that choosing a cloud-based solution can be a difficult task. One of the ways we make it easier for you is by implementing controls based on industry standards and ensuring we meet regulatory requirements. Nextworld is using the National Institute of Standards and Technology (NIST) Cybersecurity Framework and associated standards as a basis for our internal compliance program and then evaluating that program against the Trust Service Criteria with the Service Organization Controls (SOC) 2 examinations. Our approach to compliance is to provide transparency into how we are ensuring the confidentiality, integrity, and availability of your information and assisting you in meeting your compliance objectives.


We have certified our internal controls with the Service Organization Controls (SOC) reports in order to provide further confidence in the Nextworld services. In 2020, a third-party auditor completed the examination of Nextworld controls and issued the SOC 1 Report and SOC 2 Report relevant to Security, Availability, and Confidentiality for Nextworld. Each year, the third-party auditor conducts another examination and reissues the subsequent reports. If you have questions concerning our SOC reports, please contact you service provider or the Nextworld Compliance Team at [email protected]


In addition to certifications and standards, Nextworld is responsible for ensuring we are compliant with local, federal, and international laws, regulations, and statutes of the jurisdictions that we and our customers operate in. Nextworld continuously monitors global legal actions to identify and address regulatory requirements that impact our services to you.

  • Sarbanes Oxley Act
  • Gramm-Leach-Bliley Act
  • EU Network and Information Systems Directive
  • UK Network and Information Security Act
  • General Data Protection Regulation (GDPR)
  • California Consumer Privacy Act & California Privacy Rights Act
  • Colorado Privacy Act
  • Personal Information Protection and Electronics Document Act (PIPEDA)
  • Australia Privacy Act
  • New Zealand Privacy Act
  • Office of Foreign Assets Controls

Data Privacy

Data protection is critical in today’s business environment. Whether it is personal information about your employees, customers, or partners, or sensitive data about your business, we recognize and appreciate the trust you put in Nextworld’s care for your data. As your data processor, we are committed to adhering to the various data protection laws around the globe and assisting you with protecting the rights of your data subjects. To find out more about our privacy measures, please view Nextworld’s Privacy Policy.

Nextworld’s security model allows you to adhere to the principle of least privilege, and limit who has access to personal and sensitive data. In addition to restricting access to applications, you can provide access to applications while restricting access to specific data in the application and restricting actions the user can take on the data.

Nextworld also provides you with data inventory capabilities that assist you in complying with regulatory requirements to maintain records of processing activities, conduct risk assessments, and fulfill data subject requests. With the Data Privacy Inventory application, you can classify data inside of Nextworld, define owners, and document data processing activities.

Shutterstock 719542471

Micah Hedrick

Senior Director of Compliance and Security, CISSP, CCSP

Senior Director of Compliance and Security, CISSP, CCSP

Micah has been in the enterprise software industry for over 20 years. He has served in various roles over the years including software engineer, product manager, program manager, solution architect, and implementation specialist. He is also a 14-year veteran of the U.S. Army, where he served as an officer in military operations and intelligence. Micah has a passion for helping people and tackling complex problems with simple and innovative solutions.