Security is our top priority: Announcing ISO/IEC 27001:2013, SOC 2 Type 2, and GDPR compliance for Plum
At Plum, we are committed to building and maintaining trust in the healthcare, insurtech, and employee wellness sector by constantly delivering the highest standards of security for our customers and their teams.
As part of this, we continuously invest in security and data privacy initiatives with the latest certifications and accreditations.
Today, we’re proud to announce that after rigorous, comprehensive audits and meticulous evaluations, Plum is the first among its peers in India to receive three major compliance certifications, namely the ISO/IEC 27001:2013, the SOC 2 Type 2, and the GDPR.
These global certifications reassure our customers and their teams that their data is managed in the best possible controlled and audited environments in line with industry best practices and regulations.
What is ISO/IEC 27001:2013?
ISO/IEC 27001:2013 is an international standard for Information Security Management Systems (ISMS), which provides a framework for managing and protecting sensitive information such as personal data, intellectual property, and financial information. The certification demonstrates Plum's commitment to ensuring the highest level of security for its customers' data.
- Protects sensitive information
- Ensures a strong ISMS (Information security management system) framework
- Demonstrates commitment to security
What is SOC 2 Type 2?
SOC 2 Type 2 is a standard developed by the American Institute of CPAs (AICPA) for service organizations that store customer data in the cloud. It assesses the controls and processes related to security, availability, processing integrity, confidentiality, and privacy. Plum's SOC 2 Type 2 certification confirms that the company has implemented and adheres to these controls and processes.
- Assesses cloud-based data storage security
- Evaluates controls and processes
- Confirms adherence to standards
What is the Global Data Protection Regulation (GDPR)?
The General Data Protection Regulation (GDPR) is a regulation by the European Union (EU) that strengthens and harmonizes data protection laws in the EU. It applies to all companies that process the personal data of EU citizens, regardless of where the company is located. Plum's GDPR compliance certification ensures that the company meets the EU's high standards for data protection.
- Strengthens and harmonizes data protection laws
- This applies to companies processing EU citizens' data
- Ensures adherence to EU standards
What do these certifications mean for you?
Plum’s customers and their teams trust us with their most sensitive data; these certifications serve as a reassurance that:
- Customer data is always secure and protected
- Every employee of Plum preaches and practices information security
- Plum continuously assesses, minimizes, and eliminates security risks, and vulnerabilities
- Plum continuously audits and upgrades its safety, security, and technology systems
- Plum works with trusted vendors.
Why does this matter for Plum?
Saurabh Arora, co-founder and CTO of Plum, stated, "At Plum, we recognize the immense responsibility we have in preserving our customers' trust and securing their sensitive information. Our vision is to make positive impact on the health and financial well-being of every human, with our first milestone of insuring 10 million lives by 2025. These certifications are not only a necessity but a testament to our unwavering commitment to upholding the highest standards of data security, privacy, and compliance. We are both honored and driven by this accomplishment, which further reinforces our dedication to safeguarding the data entrusted to us."
Earning and maintaining customer trust is critical to Plum’s mission of insuring 10 million lives by 2025. We are committed to building products and services that follow the highest safety and security standards.
If you’d like to learn more about how Plum can help you and your teams, book a call with our insurance experts here.
Learn everything about the business of talent that you don’t learn in business school