ISO 27001
Since 2019, we have been ISO 27001 certified for a number of our products and services. This globally recognized standard helps us protect the confidentiality, availability and integrity of our and your data.
Corilus holds a valid ISO-27001:2017 certificate, linked to a specific scope:
👉 "Information security related to software development within the Software Factory reporting to the Software Factory Manager(s) and the Cloud Operations team reporting to the Network & Infrastructure Manager. Product Management and Customer Support teams of the software components that are built and maintained in the Software Factory (Belgium and Tunisia). All to the scope related processes from HR, Internal IT, Legal, Quality & Compliance"
The Software Factory currently includes the following applications: CareConnect General Practitioner, CareConnect Physiotherapist, CareConnect Nurse and CareConnect Specialist. We regularly and strategically expand the Software Factory, and our ambition is eventually to work in a fully ISO-27001-compliant way.
The validity of the certificate can always be verified online in Brand Compliance's certification register via this website.
Although the certificate does not cover the entire Corilus Group, a number of important measures have been implemented and enforced company-wide. Specifically, all policies and procedures are in place across the Corilus Group.
Overview of implemented policies
- Data protection policy ("GDPR")
- Information security policy ("ISO-27001")
- Acceptable use policy
- Access Control Policy
- Audit logging policy
- Data classification policy
- Data Transfer Policy
- Acceptable Encryption Policy
- Incident Management Policy
- Change Management Policy
- Secure Development Policy
- Threats and vulnerabilities policy
- Logging Review Policy
- Password policy
- Physical access policy
- Remote access policy
- Supplier Security Policy
- Corilus Code of Conduct