May 9, 2022

Cronofy's newest security accreditations

As part of our ongoing commitment to security, we've completed our ISO27001:2013, ISO270018:2019, and SOC2 security audits and added a brand new ISO27701:2019 certification to our list!
3 min read
Profile photo of Garry Shutler
Garry Shutler
CTO and co-founder
Blog post Hero Image

We're pleased to announce we’ve completed the latest set of ISO27001:2013 and ISO270018:2019 security audits with flying colours, and have added a brand new ISO27701:2019 certification to our list. We also successfully completed our SOC 2 Type 2 attestation for the third year running!

What is ISO27701:2019?

ISO27701:2019 is a data privacy extension of ISO27001 and ISO27002. ISO27701 sets guidelines for how personally identifiable information (PII) should be managed and processed using a Privacy Information Management System (PIMS) and directly relates to requirements found in data protection regulations, like GDPR and CCPA.

What is a PIMS?

A Privacy Information Management System (PIMS) is a set of policies and privacy controls that set out how an organization collects, stores, processes, and generally handles PII. This provides Cronofy customers with the reassurance that their data is being handled in line with the highest of standards.

Like with GDPR, within ISO27701 and the PIMS, there are strict controls around the collection and protection of PII, and the rights a person has to access their PII. These controls and policies are the foundation upon which our PIMS is built.

Why is this important to Cronofy customers?

The maintenance of our existing accreditations demonstrates our ongoing commitment to the highest security standards.

Following the requirements and guidance of ISO/IEC 27701 and implementing a PIMS provides Cronofy customers with further reassurance that we meet the highest standards for the assessment, treatment, and reduction of privacy risks.

Couple this with our existing accreditations, and Cronofy customers can rest assured that their data is in the safest hands.

Independent Auditing

An independent audit company, A-LIGN, audited and validated our controls to achieve our certifications. Throughout the audit, Cronofy demonstrated a comprehensive approach to mitigating information security risks and the secure management of data.

Continuous Improvement

As part of running an effective information security program, Cronofy is committed to continually improving the standards in ISO27001, ISO27018, ISO27701, and SOC 2. Cronofy will be assessed for ISO certifications every three years, with annual surveillance audits. We renew SOC 2 Type 2 attestation every year.

These certifications help Cronofy ensure that we operate, maintain our ISMS and PIMS, and protect our customers' data according to the standards.

We're incredibly proud to have achieved these accolades while remaining HIPAA and GDPR compliant.

You can request a copy of our certifications here.

Want to learn more? Email us at to find out more about our stance on security.