Certifications and Compliance

CloudFactory is dedicated to process excellence, workforce management, and data security. To that end, we pursue certifications and explore new initiatives that give you confidence in our ability to minimize risk, sustain long-term partnerships, and meet your security and compliance requirements.

ISO 9001:2015

Quality Management

The International Organization for Standardization (ISO) 9001:2015 certification demonstrates that CloudFactory has adopted the International Standard on Quality Management system and that our processes are well defined, managed, and resourced. This certification also illustrates our ability to consistently provide high-quality services, work ethically to comply with applicable regulatory requirements, and exercise great care in protecting your data.

ISO 9001 Quality Management Systems Certified

ISO 27001:2013

Information Security

CloudFactory’s International Organization for Standardization (ISO) 27001 certification assures you that our Information Security Management System has been tested and audited in accordance with internationally accepted standards. The certification also means that we implemented a robust risk management process to regularly identify and manage data security risks, and that we satisfy client requirements for industry-standard certifications and high levels of security capabilities.

ISO-IEC 27001 Information Security Management Certified


Data Security

The Service Organizational Control (SOC) 2 report is considered the benchmark for trust in data security, conforming to the standards of the American Institute of Certified Public Accountants. In practice, CloudFactory’s SOC 2 accreditation means that we have the infrastructure, tools, and processes in place to protect your information from unauthorized access— both from within and outside of the company. Each year, an external, accredited firm audits CloudFactory to affirm our strong commitment to respecting and protecting your data.



Compliant Business Associate

To better serve healthcare providers and other covered entities, CloudFactory team members and data analysts have been trained to secure and safeguard protected health information (PHI). In 2022, a third-party assessed CloudFactory against the Health Insurance Portability and Accountability Act (HIPAA) Business Associate security rules, which led to an attestation of compliance. As a HIPAA Compliant Business Associate, CloudFactory has proven its ability to assist in the process of transmitting, storing, and analyzing PHI.

HIPAA Compliant Business Associate


Personal Data Privacy

The General Data Protection Regulation (GDPR) gives individuals in the European Union greater control over how organizations process and control their personal data. CloudFactory is committed to adhering to GDPR as evidenced by our robust data security practices and compliant privacy policy.



View Our Trust Profile

OneTrust is CloudFactory’s privacy, governance, risk, and compliance platform, which records the services and vendors in use at CloudFactory and references how we process and store data across the business. Each quarter, we audit and update our OneTrust “Trust Profile,” a centralized portal that provides a comprehensive view of our security posture status and compliance and certification standards. View CloudFactory’s Trust Profile.