Compliance & Data Security
Calligo takes its data responsibilities seriously. We hold multiple data qualifications and numerous accreditations, and we ensure their ongoing observance, giving customers full confidence in the safety of their data.
ISO 27001:2013 is the latest version of the common framework from the International Organization for Standardization (ISO) for managing information security within an organization. The basic objective of the ISO 27001 standard is to help establish and maintain an effective information security management system with a defined continual improvement approach, so that it can grow and change along with the business and the technologies used.
Calligo’s implementation of ISO 27001:2013 intends to protect the confidentiality, integrity and availability of the information assets that are stored within our platform, ensuring that we continue to maintain the highest levels of security and privacy regardless of jurisdiction. View the certificate, here.
ISO 27018 governs the processing of personal data in the cloud. It was the first privacy-specific international standard for the cloud and seeks to address issues such as keeping customer information confidential and secure, and preventing personal information from being processed for secondary purposes without user consent.
Calligo has aligned itself to ISO 27018, complementing our existing security risk management policies and procedures through ISO 27001. It is our intention to officially certify against ISO 27018 once a UKAS-recognised certification is obtainable.
ISO 9001 helps ensure that customers receive consistent, good quality products and services. At Calligo, we have built out our ISO 9001 QMS to provide a solid scalable framework for managing our business, delivering efficiency through repeatable, safe, high-quality processes.
The QMS touches all of the key areas within the organisation. This includes our “client facing” areas (Sales, Marketing, Service Delivery, Project Management, and Audit & Compliance) and our “run the company” areas, such as Purchasing, HR, Health & Safety, and Corporate Governance. View the certificate, here.
SOC 2 – Type 2
To add to our commitment to information security and governance through ISO 27001, Calligo has also achieved compliance with a SOC 2 Type 1 Report.
Our Type 2 Report confirms independent assurance of the effectiveness of our data security and availability controls over a prolonged period of time, covering the operational effectiveness of Calligo’s service commitments and IT system requirements in the UK, Channel Islands, Ireland and Canada.
The Cyber Essentials scheme is a cyber security standard from the UK’s National Cyber Security Centre. It identifies the security controls that an organisation must have in place within their IT systems in order to address cyber security effectively and mitigate the risk of data security threats.
We comply with the principles of the EU General Data Protection Regulation (GDPR), as well as the UK Data Protection Act 2018, the Data Protection (Jersey) Law 2005, the Data Protection (Bailiwick of Guernsey) Law 2001 and the Privacy and Electronic Communications (EC Directive) Regulations 2003. Calligo is also ISO 17024-accredited as well as EU GDPR F and EU GDPR P qualified.
The Certified Information Privacy Manager accreditation shows that our teams are leaders in privacy program administration across the entire data lifecycle. Core to this qualification is the practical ability to implement privacy policies into day-to-day operations, including structuring the privacy team, implementing privacy program frameworks, communicating to stakeholders and measuring performance.
CIPP/C & CIPP/E
The Certified Information Privacy Professional (CIPP) qualification shows that both the internal and external Calligo teams are qualified in jurisdictional laws, regulations and enforcement models, plus the legal requirements for handling and transferring data. Calligo team members hold credentials for both Canada and Europe.
The G-Cloud Framework is part of the Digital Marketplace, a UK government procurement initiative to create commercial agreements between public sector organizations and specially selected suppliers, all of whom must meet stringent standards of high quality, credibility and experience. G-Cloud is dedicated to providing access to providers of cloud-based services, and is renewed annually. Calligo is regularly re-approved onto the Framework.