Flow Security and Compliance


Security and Compliance

Flow Security Standards

Boomi complies with all standards and regulations that help to protect data across all parties, giving customers peace of mind in their governance, risk and compliance.

HIPAA Compliance

Boomi Flow is compliant with the HIPAA security requirements. With HIPAA compliance, customers can securely process and store electronic protected health information (ePHI) on the Boomi Flow Platform after executing a Business Associate Agreement.

What is HIPAA?

The United States Health Insurance Portability and Accountability Act of 1996 (HIPAA) was intended to drive adoption of electronic health records, improve healthcare through information sharing, and regulate the security and privacy of Protected Health Information (PHI).

A HIPAA-compliant system or application ensures security and privacy of any ePHI that is stored, transmitted, or otherwise processed by covered entities and their business associates.

 

How does Boomi Flow comply with HIPAA?

Boomi Flow provides a Business Associate Agreement (BAA) to its customers certifying that their provisioned tenant is compliant with HIPAA requirements. Boomi Flow customers can then build, deploy, and use business applications that utilize Protected Health Information (PHI).

View our third-party HIPAA audit summary.

Boomi Flow enables HIPAA compliance in the following ways:

  • Encryption
  • Disaster Recovery
  • Access Controls
  • Auditing

While Boomi Flow’s HIPAA offering removes much of the complexity of implementing and maintaining HIPAA compliance, customers are still responsible for the design and administration of their specific business applications to comply with HIPAA.

Boomi Flow customers who are interested in HIPAA compliance should contact a member of our team for more information or to execute a BAA.

PCI-DSS

The Payment Card Industry (PCI) Security Standards Council offers standards to enhance payment card data security. The PCI Data Security Standard (PCI DSS) provides a framework for developing a robust payment card data security process, including prevention, detection, and appropriate handling of security incidents. Customers can leverage the Boomi Flow Platform’s PCI-DSS compliance to reduce their own PCI compliance complexity after agreeing to the Boomi Flow PCI-DSS terms.

How does Boomi Flow comply with PCI-DSS?

Boomi Flow is a level 2 compliant cloud services provider. With regular external audits, we provide customers with total transparency around how their data is captured, stored and transmitted across the platform. Boomi Flow customers can build, deploy, and utilize business applications that transmit protected cardholder data with confidence.

View our third-party PCI compliance certificate.

 

Boomi Flow enables PCI-DSS compliance in the following ways:

  • Encryption
  • Disaster Recovery
  • Access Controls
  • Auditing
  • Robust company policies
  • Adhering to security standards

While Boomi Flow’s PCI offering removes much of the complexity of implementing and maintaining PCI compliance, customers are still responsible for the design and administration of their specific business applications to comply with PCI-DSS.

ISO 27001

ISO 27001 is the international standard that describes best practice for an information security management system (ISMS). Accredited certification to ISO 27001 demonstrates that ManyWho is following international information security best practices, which helps to ensure the security of your information assets.

What is ISO27001:2013?

ISO 27001 is a specification for an information security management system (ISMS). An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organization’s information risk management processes.

 

How does Boomi Flow comply with ISO27001:2013?

Boomi Flow has been certified ISO27001:2013 compliant by a UKAS-accredited certification body. With regular third-party audits, we provide customers with total transparency around how we ensure the security of all Boomi Flow and customer assets. Boomi Flow customers can build, deploy, and utilize business applications that transmit protected or confidential data with confidence.

View our ISO27001:2013 compliance certificate.

Boomi Flow enables ISO 27001 compliance in the following ways:

  • Encryption
  • Disaster Recovery
  • Access Controls
  • Auditing
  • Robust company policies
  • Adhering to security standards

While Boomi Flow’s ISO27001:2013 offering removes much of the complexity of implementing and maintaining ISO27001:2013 compliance, customers are still responsible for the design and administration of their specific business applications to comply with ISO27001:2013.

Amazon Web Services (AWS)

Boomi Flow utilizes AWS multi-region infrastructure to elastically scale, provide enterprise-grade high availability and consistently deliver peak performance to every customer, in any country.

Our in-house AWS experts utilize a broad set of AWS technologies to create the perfect platform. By combining our knowledge of running large-scale cloud platforms with AWS’s IPaaS, we are able to offer every customer world-class performance, security and cost efficiency.

AWS further enhances and reduces complexity with a compliance offering of 60+ international standards.


HITRUST CSF

The Boomi Flow platform has been implemented using the HITRUST CSF.

 
