External Resources
Compliance Documents
Note: Usage of “we”, “us”, and “our” indicates Winter International LLC – Bloom. Usage of “you” and “yours” indicates current, former and potential users of our services and visitors to our websites.
SOC Compliance
While some of the services we use are SOC compliant, we are not currently SOC compliant. We do not have a determination nor ETA regarding SOC compliance within our organization. However, we are currently implementing CIS Controls v8, which is fundamentally similar and may lead us to SOC compliance in the future. We will be updating this portal soon with information regarding our implementation of CIS Controls v8.
PCI Compliance
We worked directly with Nelnet (formerly, Paymentspring) to identify the appropriate compliance requirements for our environment and relationship.
Download the Certificate of Validation from Nelnet Payment Services.
Download the PCI Self-Assessment Questionnaire A from Nelnet Payment Services.
Amazon Web Service Compliance
Looking for Amazon’s SOC reports? AWS Artifact is a no cost, self-service portal for on-demand access to AWS’ compliance reports.
We are unable to directly share the SOC reports because of Amazon’s non-disclosure agreement.
Nelnet Compliance
PCI Compliance documentation from Nelnet is available at their website’s PCI Compliance page for information.
Google Compliance
Find Google’s Compliance documentation at their Businesses and Data portal for more information.