Zivver is SOC2 compliant and successfully passed a Type 2 audit. Designed to ensure that service providers are equipped to manage stakeholder data securely, SOC 2 Type 2 involves an internal audit of an organization’s controls in relation to data security, availability, processing integrity, and privacy. The report can be shared upon request.

ISO27001 is the international best practice standard for information security management systems. Zivver obtained this certification in 2016 and all Zivver communication services are in scope of this information security management system. Additionally, our data centers of AWS are ISO27001 certified.

The Privacy Verified certification shows that Zivver appropriately safeguards the privacy of its customers.
It shows Zivver meets the requirements from the GDPR.The Privacy Verified certification is subject to a yearly inspection by ICTrecht.

UK government backed scheme that shows that Zivver has the fundamental protection in place to defend itself from internet based threats. Zivver is formally certified to the Cyber Essentials Plus level.

The CSA STAR Certification s a rigorous third-party independent assessment of the security of a cloud service provider. This technology-neutral certification leverages the requirements of the ISO/IEC 27001:2013 management system standard together with the CSA Cloud Controls Matrix.

Zivver complies to the requirements of the NIST Cyber Security Framework (CSF) 2.0. The updated framework has expanded its scope from just critical infrastructure to all organisations in any sector. The framework includes six key functions: Identify, Protect, Detect, Respond and Recover, along with CSF 2.0’s newly added Govern function.

Zivver is exceeding the 10 data security standards set by the National Data Guardian. All organisations that have access to NHS patient data and systems must use the Data Security and Protection Toolkit to publish an assessment against the National Data Guardian’s 10 data security standards. Details of past publications for Zivver are provided through the link below.

NEN7510 is a Dutch best practice standard for information security management systems within the healthcare sector. The NEN7510 gives specific requirements for the processing of medical and patient information. Zivver obtained this certification in 2016 and all Zivver communication services are in scope of this information security management system.

This standard provides a set of requirements suitably structured to promote and ensure the effective application of clinical risk management by those organisations that are responsible for the development and maintenance of Health IT Systems for use within the health and care environment.