SECURITY
Thrio security certifications
Protecting your most important assets
Ensuring your data remains safe and secure
At Thrio, security and privacy are a key focus. So, we’ve implemented a wide array of controls and safeguards in our code and processes to protect customer data and support enterprises in their own compliance efforts.
We’re also a member of the Cloud Security Alliance (CSA). Our infrastructure is hosted and managed within secure cloud providers accredited for ISO27001, SOC 2 Type II and PCI Level 1. Our security teams work tirelessly to ensure that best practices are always followed to keep your data safe.
Below, you can read more about Thrio’s current certifications and attestations, and learn how they can assist your enterprise in compliance activities.
Our certifications
Accreditation status:
Awarded after independent audit
Topics covered:
Health Data | HIPAA Security Rule
About HITRUST CSF:
HIPAA provides data privacy and security provisions for safeguarding medical information. Enterprises using Thrio can be assured that the administration and technical requirements for software providers have been followed, including secure data flows, audit trails, and end-to-end encryption. While there is no definitive ‘HIPAA certification’, third-party audits reviewing compliance measures are considered industry best practice.
Payment card & information security
Thrio’s PCI certification may enable an enterprise’s own data protection activities related to payment processing. While many elements of PCI compliance will still rest on an enterprise’s own practices, Thrio’s data storage, firewalls, in-transit encryption, and other information security efforts will assist in achieving and maintaining PCI compliance.
About HIPAA:
HIPAA provides data privacy and security provisions for safeguarding medical information. Enterprises using Thrio can be assured that the administrative and technical requirements for software providers have been followed. These include but are not limited to secure data flows, audit trails, and end-to-end encryption. While there is no definitive “HIPAA certification” status, industry best practices encourage third-party audits reviewing both technical and administrative compliance measures.
About GDPR:
GDPR compliance assists Thrio customers in their efforts to do business in the European Union. This data protection, privacy, and data security standard is also relevant for enterprises whose data flows through the EU as GDPR covers data exporting out of the European Union.
About Cloud Security Alliance:
Thrio is a member of the Cloud Security Alliance. Membership in the CSA is voluntary. The organization encourages best practices in security within cloud computing.
Our certifications
Status:
Awarded After Independent Audit
Covered Topics:
Health Data | HIPAA Security Rule
HITRUST Common Security Framework supports enterprises in their compliance efforts related to health care data. The HITRUST CSF is the set of standards required for HIPAA compliance.
Thrio’s PCI certification may enable an enterprise’s own data protection activities related to payment processing. While many elements of PCI compliance will still rest on an enterprise’s own practices, Thrio’s data storage, firewalls, in-transit encryption, and other information security efforts will assist in achieving and maintaining PCI compliance.

HIPAA provides data privacy and security provisions for safeguarding medical information. Enterprises using Thrio can be assured that the administrative and technical requirements for software providers have been followed. These include but are not limited to secure data flows, audit trails, and end-to-end encryption. While there is no definitive “HIPAA certification” status, industry best practices encourage third-party audits reviewing both technical and administrative compliance measures.

GDPR compliance assists Thrio customers in their efforts to do business in the European Union. This data protection, privacy, and data security standard is also relevant for enterprises whose data flows through the EU as GDPR covers data exporting out of the European Union.

Thrio is a member of the Cloud Security Alliance. Membership in the CSA is voluntary. The organization encourages best practices in security within cloud computing.
There's a lot to learn about Thrio. We're a team of industry veterans, driven by strong values and a mission to transform the agent and customer experience.