ISO 27018 at Cronofy
Cronofy is committed to maintaining a robust and up to date information security program. A pillar of our data security offering is our adherence to ISO27018.
What is ISO27018:2019?
ISO27018 is a set of controls and guidelines, which specify how to protect Personally Identifiable Information (PII) in public clouds. This is in accordance with the privacy principles in ISO/IEC 29100 for the public cloud computing environment.
The ISO27018 standard, as well as the other standards achieved by Cronofy, serves to demonstrate the fact that we have a world-class Information Security management system.
What does ISO27018 mean for Cronofy customers?
Annex A of ISO27018 sets out controls and guidelines, created to ensure that PII is protected at all times
Here’s a list of these controls:
- Information security policies
- Organisation of information security
- Human resource security
- Asset management
- Access control
- Cryptography
- Physical and environmental security
- Operations security
- Information security aspects of business continuity management
- System acquisition, development and maintenance
- Supplier relationships
- Information security incident management
- Compliance
- Communications security
Cronofy's implementation of ISO27018, alongside Cronofy’s existing ISO27001, SOC2, GDPR, HIPAA and CCPA compliance provides customers with assurance that PII, data, and information are processed and stored appropriately, prioritising the importance of keeping this data secure at all times.
Serious about Information Security
Continuous Improvement
The ISO27018 standard, as well as the other standards achieved by Cronofy, serves to demonstrate the fact that we have a world-class Information Security management system in place and ensure confidence in the way we handle all your data. Achieving certifications is important - however we don't stop there. Cronofy is constantly evaluating developments and updates to standards, and continually updating policies and processes, to ensure we are as secure, and compliant as possible.
Security is a first class citizen
When you use Cronofy, you’re sharing potentially sensitive information with us. It’s our responsibility to make sure that we protect that data, and we take that responsibility very seriously. That’s why information security will always be a first-class concern for us.Whenever we’re building or developing any aspect of our service, Security is a key consideration. We understand that our customers care deeply about the security of data, and it’s something we feel equally strongly about.We want our customers to know that they can trust us to process and handle their calendar and event data – always securely and to the highest standards.
How often are you audited?
In order to attain this certification, Cronofy’s compliance was audited and validated by an independent audit company, A-LIGN. Throughout the audit, Cronofy demonstrated a comprehensive and thorough approach to mitigating information security risks and the secure management of data.
As part of running an effective information security program - Cronofy is committed to continual improvement in line with ISO27001. Cronofy will be assessed every three years, with audits in between those. This certification helps Cronofy ensure that we are operating, and maintaining our ISMS, PII and are protecting our customers’ data, in line with the standard.
Your privacy is paramount
We make sure you keep control of your calendar and that it's private to you and those you'd like to share your availability with. Security is at the core of what we do and we have the best practices to ensure that privacy is never compromised.
ISO27001 certified
ISO27018 certified
ISO27701 certified
SOC 2 attested
GDPR compliant
CCPA compliant
HIPAA compliant
Want to review our report?
To receive a copy of our ISO27001/18 report get in touch.
Send me the report