Compliance

Certifications

Qwilt has certification for compliance with ISO 27001:2022, 27017, 27018, 27701:2019 and SOC type 2. These certifications are performed by independent third-party auditors. Our compliance with these internationally-recognized standards and code of practice is evidence of our commitment to information security at every level of our organization, and that the Qwilt security program is in accordance with industry leading best practices.

ISO 27001:2022
ISO 27001 is a security management standard that specifies security management best practices and comprehensive security controls following the ISO 27002 best practice guidance. The basis of this certification is the development and implementation of a rigorous security program, which includes the development and implementation of an Information Security Management System (ISMS), which defines how Qwilt perpetually manages security in a holistic, comprehensive manner. This widely-recognized international security standard specifies that Qwilt do the following:
We systematically evaluate our information security risks, considering the impact of threats and vulnerabilities.
We design and implement a comprehensive suite of information security controls and other forms of risk management to address customer and architecture security risks.
We constantly test our solution to ensure we maintain a high standard of information security measures.
We have an overarching management process to ensure that the information security controls meet our needs on an ongoing basis.


SOC2 Type 2
SOC 2 (Service Organization Control 2) is a set of standards designed to ensure that service providers handle client data securely and with integrity. Like ISO 27001, SOC 2 compliance involves the development and implementation of rigorous security measures to protect sensitive information.

Here’s how Qwilt adheres to SOC 2 requirements:

  • Security: Qwilt implements robust security measures to protect client data from unauthorized access, both physically and logically.
  • Availability: Qwilt ensures that its services are consistently available and operational for clients. This involves measures such as redundancy, failover systems, and disaster recovery plans to minimize downtime.
  • Confidentiality: Qwilt safeguards sensitive information from unauthorized disclosure. This involves strict access controls, encryption, data masking, and confidentiality agreements with employees and third-party vendors.
  • Achieving SOC 2 compliance requires ongoing monitoring, evaluation, and improvement of controls to ensure they remain effective in mitigating risks and protecting client data. Qwilt is committed to maintaining the highest standards of security, availability, `confidentiality.

ISO 27017
ISO 27017 provides guidance on the information security aspects of cloud computing, recommending the implementation of cloud-specific information security controls that supplement the guidance of the ISO 27002 and ISO 27001 standards. This code of practice provides additional information security controls implementation guidance specific to cloud service providers.

ISO 27018
ISO 27018 establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect Personally Identifiable Information (PII) in line with the privacy principles in ISO 29100 for the public cloud computing environment. In particular, it specifies guidelines based on ISO 27002, taking into consideration the regulatory requirements for the protection of PII which can be applicable within the context of the information security risk environment(s) of a provider of public cloud services.

ISO 27701:2019
An extension to ISO 27001 and ISO 27002 for privacy information management, ISO 27701:2019 specifies requirements and provides guidance for establishing, implementing, maintaining, and continually improving a Privacy Information Management System (PIMS). It specifies PIMS-related requirements and provides guidance for PII controllers and PII processors holding responsibility and accountability for PII processing.

Data Privacy Framework

The Data Privacy Framework is a certification program established by the US government to ensure that organizations adhere to stringent data privacy regulations. This framework is designed to protect personal data and ensure that it is handled with the utmost care and security. Certification under the Data Privacy Framework involves rigorous evaluation and implementation of data protection measures, including:

  • Systematic Risk Evaluation: Assessing data privacy risks by considering the impact of potential threats and vulnerabilities.
  • Comprehensive Privacy Controls: Implementing a suite of data privacy controls and risk management strategies to address customer and architecture privacy risks.
  • Ongoing Testing and Improvement: Continuously testing and refining our data privacy measures to maintain high standards.
  • Management Oversight: Ensuring that data privacy controls are consistently effective and meet organizational needs on an ongoing basis.

Qwilt’s certification for the Data Privacy Framework demonstrates our commitment to protecting your data and maintaining the highest standards of privacy and security.