Corma's software and services are designed with security by design. Clear procedures and automated controls ensure your data remains protected while you stay in control. Those controls have been tested and audited by external parties granting Corma the ISO 27001 certification.
ISO 27001
Corma is ISO/IEC 27001:2022 certified, confirming that the product and services Corma provides are mature, robust, and secure, and that we are actively creating an organization that supports these goals. It also means that our software development processes and practices meet required levels of oversight and monitoring, so that we can proactively monitor, identify and address any unusual activity, remediate it with deep contextual insight, and take corrective action, if and when it is needed. Verify the certification.
GDPR
With customers all over the world, we adhere to the General Data Protection Regulation (GDPR) expanding the privacy rights granted to European individuals. We are proactively looking at and constantly improving our internal processes related to personal data privacy protection in compliance with legal and contractual obligations for GDPR compliance.
"ISO 27001 is a key requirement for us at Corma even at such an early stage to ensure to all our clients our commitment in building strong security management practices. We're proud that since day one of the company, security, compliance and trust have been at the center of our decisions. We will strive to continue delivering great and secure services and exceed the high standards of security our clients expect."
Samuel Bismut, CTO
All data stored in the Service is encrypted both in transit and at rest. Database instances, including read replicas and backups, are encrypted using industry standard encryption algorithm.
Administrative access to our production environment is limited to a restricted number of individuals. User access is evaluated on a quarterly basis and revoked upon termination.
Corma has implemented monitoring across all components in the architecture. Alerts are generated and sent to relevant stakeholders using internal communications platforms based on predefined rules.
Corma leverages AWS for hosting and compute power. AWS maintains and demonstrates SSAE-16 SOC 1, 2 and 3, ISO 27001 and FedRAMP/FISMA reports and certifications. Web servers and databases run on servers in secure data centers inside the European Union.
Corma employees and contractors are trained upon hire and no less than annually thereafter regarding confidentiality, data security, and data handling practices.
Corma undergoes annual independent ISO 27001 audits for security, availability, and confidentiality.
From how we approach infrastructure to how we onboard and off-board employees. We protect your data at every layer. We are officially audited and certified. Yet it is our daily task to keep this effort going and communicate on questions related to cybersecurity, data privacy and compliance. Are there any questions about our privacy and security measures that we didn’t address above? Email us at security@corma.io.
Experience the benefits of digital transformation. Cut you software spend by 30% through managing the contract lifecycle of your SaaS, secure your business through automated provisioning in identity and access management, all while boosting software stack with our vendor management system.