Since 2019, we have been ISO 27001 certified for a number of our products and services. This globally recognized standard helps us protect the confidentiality, availability and integrity of our and your data.
Corilus holds a valid ISO-27001:2017 certificate, linked to a specific scope:
👉Software development and cloud operations teams within the Software Factory and that report to the Software Factory Manager. Product management and customer support teams of the software components that are built and maintained in the Software Factory. HR, Internal IT, Legal, Compliance for all processes related to the scope.
The Software Factory currently includes the following applications: CareConnect General Practitioner, CareConnect Physiotherapist and CareConnect Specialist. We regularly expand the Software Factory strategically and have the healthy ambition to eventually work completely ISO-27001 compliant.
The validity of the certificate can always be verified online in Brand Compliance's certification register via this website.
Despite the fact that the certificate does not cover the entire Corilus group, a number of important issues have been implemented and enforced company-wide. Specifically, all policies and procedures are in place across the Corilus Group.
Overview of implemented policies
- Data protection policy ("GDPR")
- Information security policy ("ISO-27001")
- Acceptable use policy
- Access Control Policy
- Audit logging policy
- Data classification policy
- Data Transfer Policy
- Acceptable Encryption Policy
- Incident Management Policy
- Change Management Policy
- Secure Development Policy
- Threats and vulnerabilities policy
- Logging Review Policy
- Password policy
- Physical access policy
- Remote access policy
- Supplier Security Policy
- Corilus Code of Conduct