Cronofy operates a robust security and compliance program, adhering to the highest level of information security standards. We achieve this by meeting and exceeding the expectations of the following standards.
Cronofy has achieved the ISO/IEC 27001:2013 certification, the international standard for information security management systems (ISMS). The ISO 27001 certification requires the assessment of an organization’s information security management controls.
ISO27018 is a set of controls and guidelines, which specify how to protect Personally Identifiable Information (PII) in the cloud. Cronofy complies with ISO27018, which provides a set of objectives for implementing measures to protect PII. This is in accordance with the privacy principles in ISO/IEC 29100 for the public cloud computing environment.
Cronofy has achieved ISO 27701:2019, an extension of ISO 27701. Cronofy operates a PIMS (Privacy Information Management System) and data protection processes to an established, world-class standard.
SOC 2 defines the criteria for secure handling and management of customer data. Cronofy has been audited and complies with the standards set out by the AICPA as part of the SOC 2 standard. Cronofy has successfully completed audits for both SOC2 Type 1 and 2.
Cronofy adheres to the principles of GDPR and will continue to do so, no matter what happens with Brexit. Cronofy has been through the process of reviewing and updating our internal processes, procedures, data systems, and documentation to ensure we comply with GDPR.
Cronofy has an explicit Privacy Notice in place, that advises users of their rights under CCPA. Cronofy processes personal data in line with the requirements set out by the CCPA, for the purpose of providing services. This includes compliance with policies such as Anti-Discrimination, the Right to Be Forgotten, the Right to Access Data Collected, and control over data shared with third parties.
Cronofy is HIPAA (Health Insurance Portability and Accountability Act) compliant, ensuring that PHI (Patient Healthcare Information) is processed and stored, in line with the Titles defined within HIPAA, specifically, Title II. Cronofy can supply a Business Associate Agreement (BAA) on request.
Cronofy has compiled a security white paper. It aims to answer any questions which aren’t answered in any of the other documentation published on our sites.