Certifications & Compliance
CloudFactory is dedicated to process excellence, workforce management, and data security. To that end, we pursue certifications and explore new initiatives that give you confidence in our ability to minimize risk, sustain long-term partnerships, and meet your security and compliance requirements.


ISO 9001:2015
Quality ManagementThe International Organization for Standardization (ISO) 9001:2015 certification demonstrates that CloudFactory has adopted the International Standard on Quality Management system and that our processes are well defined, managed, and resourced. This certification also illustrates our ability to consistently provide high-quality services, work ethically to comply with applicable regulatory requirements, and exercise great care in protecting your data.

ISO 27001:2013
Information SecurityOur certification in this area means our systems have been audited and tested to meet high standards for managing data security risks. This internationally recognised standard for information security management systems ("ISMS") shows that we have well-defined, managed, and resourced processes to consistently deliver high-quality services. We have developed a risks-based ISMS that meets the ongoing requirements of our clients, and specifically considered the aspects relating to confidentiality, privacy and vendor oversight, effectively providing a Privacy Information Management System ("PIMS") without the cost overhead. Our focus is also evident in our core values, which emphasise excellence and a customer-centirc approach.



SOC 2
Data ConfidentialityThis accreditation is a benchmark for trust in information processing and security. We are validated against the Trust Service Criteria ("TSC") of Security, Availability and Confidentiality, to confirm that we have operated the necessary infrastructure, risk mitigants and business processes to protect client information from unauthorised access.

HIPAA
Compliant Business AssociateTo better serve healthcare providers and other covered entities, CloudFactory team members and data analysts have been trained to secure and safeguard protected health information (PHI). In 2022, a third-party assessed CloudFactory against the Health Insurance Portability and Accountability Act (HIPAA) Business Associate security rules, which led to an attestation of compliance. As a HIPAA Compliant Business Associate, CloudFactory has proven its ability to assist in the process of transmitting, storing, and analyzing PHI.



GDPR
Personal Data PrivacyAs a global operator, we've conformed with the European Union's General Data Protection Regulation ("GDPR") guidelines for over seven years, taking this as our 'gold standard' of adoption of Data Subjects' rights to data minimisaton, accuracy, privacy etc. whilst coordinating with each client, as the Data Controller, for the Personal Information (PI) that we process as their Data Processor. Our privacy policy and robust security practices reflect this commitment:

Expert Workforce
HITL
Data security is seen as starting with the individual. We have a rigorous screening process for team members and enforce a strict acceptable use policy that covers everything from password management to training, and monitoring of how staff are handling confidential data.



SASE
InfrastructureWe use a secure access service edge (SASE) platform to manage all network traffic, ensuring end-to-end private connections. This platform includes enterprise-grade security features like a next-generation firewall, secure web gateways, and anti-malware. The geographical diversity of the network, coupled with the advanced security stack, provides us with a wide scope of flexibility in how we connect, secure and optimise traffic between our workforce and clients.
Ready to get started?
In high-stakes environments, AI can’t just be good—it must be right.
Let’s build AI you can trust.