Corma's software and services are built with security by design. Clear procedures and automated controls ensure your data remains protected while you stay in control. Those controls have been tested and audited by external parties, which granted Corma the ISO 27001 certification.
"ISO 27001 is a key requirement for us at Corma even at such an early stage to ensure to all our clients our commitment in building strong security management practices. We're proud that since day one of the company, security, compliance and trust have been at the center of our decisions. We will strive to continue delivering great and secure services and exceed the high standards of security our clients expect."
Samuel Bismut, CTO
All data stored in the Service is encrypted both in transit and at rest. Database instances, including read replicas and backups, are encrypted using an industry-standard encryption algorithm.
Administrative access to our production environment is limited to a restricted number of individuals. User access is evaluated on a quarterly basis and revoked upon termination.
Corma has implemented monitoring across all components in the architecture. Alerts are generated and sent to relevant stakeholders using internal communications platforms based on predefined rules.
Corma leverages AWS for hosting and compute power. AWS maintains and demonstrates SSAE-16 SOC 1, 2 and 3, ISO 27001 and FedRAMP/FISMA reports and certifications. Web servers and databases run on servers in secure data centers inside the European Union.
Corma employees and contractors are trained upon hire and no less than annually thereafter regarding confidentiality, data security, and data handling practices.
Corma undergoes annual independent ISO 27001 audits for security, availability, and confidentiality.
From how we approach infrastructure to how we onboard and off-board employees, we protect your data at every layer. We are officially audited and certified, yet it is our daily task to keep this effort going and to communicate on questions related to cybersecurity, data privacy and compliance. Are there any questions about our privacy and security measures that we didn't address above? Email us at security@corma.io.