Compliance & Data Security
To add to our commitment to information security and governance through ISO 27001, Calligo has also achieved a SOC 2 Type 2 Report. Our Type 2 Report provides independent assurance of the effectiveness of our data security and availability controls over a prolonged period of time, covering the operational effectiveness of Calligo’s service commitments and IT system requirements in the UK, Channel Islands, Ireland, Canada and the US.
ISO 27001:2013 is the latest version of the common framework from the ISO (International Organization for Standardization) for managing information security within an organization. The basic objective of the ISO 27001 standard is to help establish and maintain an effective information security management system with a defined continual improvement approach, so that it can grow and change along with the business and the technologies used.
ISO 9001 helps ensure that customers receive consistent, good quality products and services. At Calligo, we have built out our ISO 9001 QMS to provide a solid scalable framework for managing our business, delivering efficiency through repeatable, safe, high-quality processes.
The Certified Information Privacy Manager accreditation shows that our teams are leaders in privacy program administration across the entire data lifecycle. Core to this qualification is the practical ability to implement privacy policies into day-to-day operations, including structuring the privacy team, implementing privacy program frameworks, communicating to stakeholders and measuring performance.
The Certified Information Privacy Professional (CIPP) qualification shows that both the internal and external Calligo teams are qualified in jurisdictional laws, regulations and enforcement models, plus the legal requirements for handling and transferring data. Calligo team members hold credentials for both Canada and Europe.
ISO 27018 governs the processing of personal data in the cloud. It was the first privacy-specific international standard for the cloud and seeks to address issues such as keeping customer information confidential and secure, and preventing personal information from being processed for secondary purposes without user consent.
We comply with the principles of the EU General Data Protection Regulation (GDPR), as well as the UK Data Protection Act 2018, the Data Protection (Jersey) Law 2005, the Data Protection (Bailiwick of Guernsey) Law 2001 and the Privacy and Electronic Communications (EC Directive) Regulations 2003. Calligo is also ISO 17024-accredited as well as EU GDPR F and EU GDPR P qualified.
The Cyber Essentials scheme is a cyber security standard from the UK’s National Cyber Security Centre. It identifies the security controls that an organisation must have in place within its IT systems in order to address cyber security effectively and mitigate the risk of data security threats.
The G-Cloud Framework is part of the Digital Marketplace – a UK government procurement initiative to create commercial agreements between public sector organizations and specially selected suppliers, all of whom must meet stringent standards of high quality, credibility and experience. G-Cloud is dedicated to providing access to providers of cloud-based services, and is renewed annually. Calligo is regularly re-approved onto the Framework.