
Industry Compliance

Brilliance CRM
Certifications

Brilliance CRM prioritizes security and privacy, working toward top industry compliance standards.

About Brilliance CRM
 

Welcome to Brilliance CRM Compliance Page

At Brilliance CRM, we prioritize security, privacy, and the trust of our customers. As a leading CRM platform, we understand that compliance with industry standards not only ensures the protection of sensitive data but also enhances user confidence. Our commitment to maintaining compliance with global data protection regulations and security standards is a cornerstone of our service offering. Here are the certifications and standards we have achieved to safeguard your data and keep your business secure.

Certifications & Compliance

CCPA / CPRA Compliant (California Consumer Privacy Act / California Privacy Rights Act)

Overview

The California Consumer Privacy Act (CCPA), along with the California Privacy Rights Act (CPRA), provides California residents with enhanced privacy rights over their personal data. These regulations require businesses to disclose the personal information they collect and offer consumers the ability to opt out of the sale of their personal data.

Why it matters for Brilliance CRM

As we expand our reach, we are committed to respecting consumer privacy rights. We are working toward CCPA/CPRA compliance to ensure our customers' data remains in their control and that we offer transparency in how data is handled.

Key Features

  • Consumer rights to access, delete, and opt out of the sale of personal data.
  • Transparency about the personal data we collect.
  • Non-discriminatory practices related to data rights.

Cyber Essentials (UK)

Overview

Cyber Essentials is a UK government-backed scheme designed to help organizations protect themselves against common online threats. Achieving Cyber Essentials certification demonstrates a business's commitment to cybersecurity through the implementation of basic security controls.

Why it matters for Brilliance CRM

As part of our global security strategy, Cyber Essentials compliance will ensure that our infrastructure is resilient against common cyber threats, providing additional confidence to our users.

Key Features

  • Implementation of basic cyber hygiene practices, such as secure configurations, firewalls, and access control.
  • Protection against common cyber threats such as malware and phishing attacks.
  • Periodic reviews and updates to security policies and practices.

GDPR Compliant (General Data Protection Regulation)

Overview

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that applies to all companies processing personal data of individuals within the European Union (EU) and European Economic Area (EEA). GDPR establishes strict guidelines for data protection, user consent, and the rights of individuals regarding their personal data.

Why it matters for Brilliance CRM

We understand that privacy is a fundamental right, which is why we are committed to GDPR compliance. By adhering to these regulations, we ensure the privacy of customer data and allow our users to manage and control their personal information.

Key Features

  • Explicit consent for data collection.
  • Data minimization and purpose limitation.
  • Enhanced user rights (right to access, right to erase, right to rectification, etc.).

HIPAA Compliant (Health Insurance Portability and Accountability Act)

Overview

HIPAA is a U.S. law designed to provide data privacy and security provisions for safeguarding medical information. Healthcare providers, insurers, and business associates handling Protected Health Information (PHI) must ensure that their systems are compliant with HIPAA's standards.

Why it matters for Brilliance CRM

As we serve industries like healthcare, we understand the importance of protecting sensitive health data. We are taking steps to become HIPAA compliant to ensure that our platform meets the stringent requirements for handling PHI securely.

Key Features

  • Secure encryption and storage of health data.
  • Privacy controls to prevent unauthorized access to health records.
  • Comprehensive audits and reporting to demonstrate compliance.

ISO 27001 Readiness (International Organization for Standardization - Information Security Management)

Overview

ISO 27001 is the international standard for information security management systems (ISMS). It outlines best practices for establishing, maintaining, and continually improving an information security management system.

Why it matters for Brilliance CRM

To support our ongoing commitment to security, we are working toward ISO 27001 readiness. Achieving this standard will help ensure that we are following international best practices for managing and securing sensitive information.

Key Features

  • Risk management processes to identify, assess, and mitigate security risks.
  • Continuous improvement and monitoring of security systems.
  • Regular internal and external audits to ensure compliance with security standards.

PCI SAQ D (Payment Card Industry Data Security Standard Self-Assessment Questionnaire - D)

Overview

The PCI DSS (Payment Card Industry Data Security Standard) is a set of security standards designed to ensure that all companies that process, store, or transmit credit card information maintain a secure environment. SAQ D is the most comprehensive version of the PCI DSS self-assessment and applies to organizations that directly store, process, or transmit cardholder data.

Why it matters for Brilliance CRM

As a CRM provider, we are working toward achieving PCI SAQ D compliance to ensure that any cardholder data we process remains secure, and that we adhere to the highest standards in payment security.

Key Features

  • Encryption and protection of cardholder data.
  • Secure storage and transmission of sensitive information.
  • Regular vulnerability testing and continuous monitoring.

SOC 2 Readiness (System and Organization Controls 2)

Overview

SOC 2 is a framework for managing data based on five key principles: security, availability, processing integrity, confidentiality, and privacy. SOC 2 compliance is especially important for SaaS providers, as it demonstrates a commitment to securing and protecting client data.

Why it matters for Brilliance CRM

We are working toward SOC 2 Readiness to demonstrate our commitment to securing our customers' data in every part of our operations. Achieving SOC 2 compliance ensures that we meet the highest standards for operational security and data protection.

Key Features

  • Commitment to data security, confidentiality, and privacy.
  • Regular internal controls and risk assessments.
  • Documented practices for incident response, system monitoring, and reporting.
