ISO 27001

Since 2019, we have been ISO 27001 certified for a number of our products and services. This globally recognized standard helps us protect the confidentiality, availability and integrity of our data and yours.

Corilus holds a valid ISO-27001:2022 certificate, linked to a specific scope:

"Information security related to software development for our applications general practitioners, specialist, nurses and physiotherapists and the Cloud Operations team reporting to the IT & Security Director.
Product Management and Customer Support teams of the software components that are built and maintained within to the aforementioned applications (Belgium and Tunisia).
All to the scope related processes from HR, Internal IT, Legal, Quality & Compliance."

We regularly and strategically expand the Software Factory, and we have the healthy ambition to eventually work in full compliance with ISO-27001.

The validity of the certificate can always be verified online in Brand Compliance's certification register via this website.  

Although the certificate does not cover the entire Corilus group, a number of important measures have been implemented and are enforced company-wide. Specifically, all policies and procedures are in place across the Corilus Group.

Overview of implemented policies

  • Data protection policy ("GDPR")
  • Information security policy ("ISO-27001")
  • Acceptable use policy
  • Access Control Policy
  • Audit logging policy
  • Data classification policy
  • Data Transfer Policy
  • Acceptable Encryption Policy
  • Incident Management Policy
  • Change Management Policy
  • Secure Development Policy
  • Threats and vulnerabilities policy
  • Logging Review Policy
  • Password policy
  • Physical access policy
  • Remote access policy
  • Supplier Security Policy
  • Corilus Code of Conduct