Clumio Achieves ISO 27701 Certification, First Internationally Recognized Privacy Standard Aligned with GDPR

Clumio announced that the company’s secure backup as a service for the enterprise has achieved the ISO 27701:2019 Privacy Information Management System (PIMS) certification.

ISO 27701 is widely considered to be the first internationally recognized privacy certification standard that parallels the General Data Protection Regulation (GDPR) personal data collection, processing, and protection requirements. This latest privacy certification underscores the company’s commitment to proactive compliance, with Clumio completing five major privacy/security compliance programs in its first 18 months. One of the company’s prime competitive differentiators: Clumio’s cloud-native architecture has allowed the company to “bake” security capabilities into its Software as a Service (SaaS) platform.

“While some companies are cobbling together compliance solutions, Clumio has made it a mission from day one to take a holistic and proactive approach to compliance,” said Glenn Mulvaney, vice president of cloud operations and security, Clumio. “We began our ISO compliance work before we even had a public product, and have worked to stay one step ahead of our audit requirements, compliance reports, and certifications. We started with the correct compliance controls long before we entered the public market, meaning we didn’t have to ‘undo’ poor practices when it came to our product, our employees, and our processes. We built our platform and our organization to conform to key industry privacy and security standards from the start.”

Clumio was born in the public cloud, leveraging the most modern cloud capabilities – including more than 10 major AWS services – to ensure it meets and exceeds the backup, privacy, and security requirements of today’s most demanding enterprises. Clumio recognizes that compliance and security are not interchangeable. As a result, information security best practices are built into the product architecture. Clumio’s authentic SaaS backup protects workloads such as VMware / VMware Cloud on AWS, Amazon Web Services (EC2/RDS/EBS), and Microsoft M365. As a SaaS platform, Clumio has built upon AWS physical and environmental compliance controls. Companies that use Clumio can be assured that their compliance requirements for data protection are satisfied.

Although there is no official GDPR checklist or certification, Clumio’s platform is built on ISO information security and privacy management system standards that also align with GDPR. This privacy-related certification confirms that Clumio’s product offerings contain processes and operations that have been validated through independent testing and support compliance with privacy laws and legislation, including GDPR and the California Consumer Privacy Act (CCPA).