Compliance
Flow complies with all standards and regulations that help to protect data across all parties, giving customers peace of mind in their governance, risk and compliance.
ISO 27001 Compliance
Flow has been certified ISO27001:2013 compliant by a UKAS accredited certification body, meaning that customers can build, deploy, and utilize business applications that transmit protected or confidential data with confidence. This accredited certification to ISO 27001 demonstrates that Flow is following international information security best practices, ensuring the security of information assets on the Flow platform. Regular third-party audits provide customers with total transparency of the security of all Flow and customer assets.
The Flow platform enables ISO27001:2013 compliance in the following ways:
- Encryption
- Disaster Recovery
- Access Controls
- Auditing
- Robust company policies
- Adhering to security standards
While the ISO27001:2013 offering removes much of the complexity of implementing and maintaining ISO27001:2013 compliance, customers are still responsible for the design and administration of their specific business applications to comply with ISO27001:2013. Customers who are interested in ISO27001:2013 compliance should contact a member of our team for more information.
HIPAA Compliance
Flow is compliant with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) security requirements. A HIPAA-compliant system or application ensures security and privacy of any electronic Protected Health Information (ePHI) that is stored, transmitted, or otherwise processed by covered entities and their business associates.
Boomi provides a Business Associate Agreement (BAA) to its customers certifying that their provisioned Flow tenant is compliant with HIPAA requirements. Boomi Flow customers can then build, deploy, and utilize business applications that utilize Protected Health Information.
The Flow platform enables HIPAA compliance in the following ways:
- Encryption
- Disaster Recovery
- Access Controls
- Auditing
While the Flow HIPAA offering removes much of the complexity of implementing and maintaining HIPAA compliance, customers are still responsible for the design and administration of their specific business applications to comply with HIPAA. Flow customers who are interested in HIPAA compliance should contact a member of our team for more information or to execute a BAA.
PCI-DSS Compliance
Flow is a Payment Card Industry Data Security Standard (PCI-DSS) Level 2 service provider. The PCI Data Security Standard provides a framework for developing a robust payment card data security process, including prevention, detection, and appropriate handling of security incidents. Flow customers are provided with total transparency around how their data is captured, stored and transmitted across the Flow platform. Boomi Flow customers can build, deploy, and utilize business applications that transmit protected cardholder data with confidence.
The Flow platform enables PCI-DSS compliance in the following ways:
- Encryption
- Disaster Recovery
- Access Controls
- Auditing
- Robust company policies
- Adhering to security standards
While the Flow PCI offering removes much of the complexity of implementing and maintaining PCI compliance, customers are still responsible for the design and administration of their specific business applications to comply with PCI-DSS. Flow customers who are interested in PCI compliance should contact a member of our team for more information.