At Thrio, security and privacy are a key focus. We have implemented a wide array of controls and safeguards in our code and processes to protect customer data and support enterprises in their own compliance efforts. Thrio is also a member of the Cloud Security Alliance (CSA). Our infrastructure is hosted and managed within secure cloud providers accredited for ISO 27001, SOC 2 and PCI Level 1. Our security teams work tirelessly to ensure that best practices are followed to keep your data safe.
Below, you can read more about Thrio's current certifications and attestations and learn how they can assist your enterprise in compliance activities.
HIPAA provides data privacy and security provisions for safeguarding medical information. Enterprises using Thrio can be assured that the administrative and technical requirements for software providers have been followed. These include but are not limited to secure data flows, audit trails, and end-to-end encryption. While there is no definitive "HIPAA certification" status, industry best practices encourage third-party audits reviewing both technical and administrative compliance measures.
Thrio is a member of the Cloud Security Alliance. Membership in the CSA is voluntary. The organization encourages best practices in security within cloud computing.
Thrio's PCI certification may enable an enterprise's own data protection activities related to payment processing. While many elements of PCI compliance will still rest on an enterprise's own practices, Thrio's data storage, firewalls, in-transit encryption, and other information security efforts will assist in achieving and maintaining PCI compliance.
SOC 2 certification is an auditing procedure that ensures service providers like Thrio manage customer data in accordance with the principles of security, availability, processing integrity, confidentiality, and privacy. SOC 2 Type 2 reports detail the operational effectiveness of a SaaS provider's systems as they relate to those principles. SOC 2 certifications are issued by third-party auditors.
Thrio's certification in the HITRUST Common Security Framework supports enterprises in their compliance efforts related to health care data. The HITRUST CSF is the set of standards required for HIPAA compliance.
GDPR compliance assists Thrio customers in their efforts to do business in the European Union. This data protection, privacy, and data security standard is also relevant for enterprises whose data flows through the EU, as GDPR covers data exports out of the European Union.