Certifications & Compliance

CloudFactory is dedicated to process excellence, workforce management, and data security. To that end, we pursue certifications and explore new initiatives that give you confidence in our ability to minimize risk, sustain long-term partnerships, and meet your security and compliance requirements.

ISO 9001 Quality Management Systems Certified
ISO 9001 Quality Management Systems Certified

ISO 9001:2015

Quality Management

The International Organization for Standardization (ISO) 9001:2015 certification demonstrates that CloudFactory has adopted the International Standard on Quality Management system and that our processes are well defined, managed, and resourced. This certification also illustrates our ability to consistently provide high-quality services, work ethically to comply with applicable regulatory requirements, and exercise great care in protecting your data.

ISO/IEC 27001 Information Security Management Certified

ISO 27001:2013

Information Security

Our certification in this area means our systems have been audited and tested to meet high standards for managing data security risks. This internationally recognised standard for information security management systems ("ISMS") shows that we have well-defined, managed, and resourced processes to consistently deliver high-quality services. We have developed a risks-based ISMS that meets the ongoing requirements of our clients, and specifically considered the aspects relating to confidentiality, privacy and vendor oversight, effectively providing a Privacy Information Management System ("PIMS") without the cost overhead. Our focus is also evident in our core values, which emphasise excellence and a customer-centirc approach.

ISO/IEC 27001 Information Security Management Certified
AICPA SOC for Service Organizations
AICPA SOC for Service Organizations

SOC 2

Data Confidentiality

This accreditation is a benchmark for trust in information processing and security. We are validated against the Trust Service Criteria ("TSC") of Security, Availability and Confidentiality, to confirm that we have operated the necessary infrastructure, risk mitigants and business processes to protect client information from unauthorised access.

HIPAA Compliant Business Associate

HIPAA

Compliant Business Associate

To better serve healthcare providers and other covered entities, CloudFactory team members and data analysts have been trained to secure and safeguard protected health information (PHI). In 2022, a third-party assessed CloudFactory against the Health Insurance Portability and Accountability Act (HIPAA) Business Associate security rules, which led to an attestation of compliance. As a HIPAA Compliant Business Associate, CloudFactory has proven its ability to assist in the process of transmitting, storing, and analyzing PHI.

HIPAA Compliant Business Associate
GDPR
GDPR

GDPR

Personal Data Privacy

As a global operator, we've conformed with the European Union's General Data Protection Regulation ("GDPR") guidelines for over seven years, taking this as our 'gold standard' of adoption of Data Subjects' rights to data minimisaton, accuracy, privacy etc. whilst coordinating with each client, as the Data Controller, for the Personal Information (PI) that we process as their Data Processor. Our privacy policy and robust security practices reflect this commitment:

HIPAA Compliant Business Associate

Expert Workforce

HITL

Data security is seen as starting with the individual. We have a rigorous screening process for team members and enforce a strict acceptable use policy that covers everything from password management to training, and monitoring of how staff are handling confidential data.

 

Workforce Grey
SASE
GDPR

SASE

Infrastructure

We use a secure access service edge (SASE) platform to manage all network traffic, ensuring end-to-end private connections. This platform includes enterprise-grade security features like a next-generation firewall, secure web gateways, and anti-malware. The geographical diversity of the network, coupled with the advanced security stack, provides us with a wide scope of flexibility in how we connect, secure and optimise traffic between our workforce and clients.

 

Ready to get started?

In high-stakes environments, AI can’t just be good—it must be right.

Let’s build AI you can trust.