# Security

#### Compliance

**SOC2 - Service Organization Controls (SOC2) (Type II) Trust Services Principles**

SOC2 compliance ensures that Conduit has controls in place to process and manage customers' data. Compliance demonstrates the quality of those controls in the areas of security, availability, and confidentiality.

**HIPAA - Health Insurance Portability and Accountability Act**

HIPAA is a federal law that requires the creation of standards and controls to protect electronic protected health information (ePHI) from being disclosed.

**ISO 27001 - ISO 27001:2013 Certification**

ISO/IEC 27001 is an international standard for information security management systems (ISMS). Certification shows that an organization has put in place a system to manage risks related to the security of data owned or handled by the company, and that this system respects all the best practices and principles within this International Standard.

**ISO 27018 - ISO 27018:2019 Certification**

ISO/IEC 27018 is an add-on to ISO 27001 and is an international standard on privacy in cloud computing services.

**Health Data Hosting**

Conduit is HDS (Hébergeur de Données de Santé) certified. Conduit customers are required to comply with applicable data protection legislation and local regulations with regard to personal health information. Customers that work with or in the French healthcare industry must comply with the PGSSI-S (global information security policy for the healthcare sector) and are required to implement a health information system in compliance with the PGSSI-S.

**CSA - Cloud Security Alliance**

CSA is a not-for-profit organization that puts together best practices for companies to follow to help ensure a secure cloud computing environment.


