Compliance
- Last Updated: February 19, 2025
Overview
Sirion prioritizes fostering a company culture rooted in ethical conduct and adherence to both internal policies and applicable regulations. To ensure compliance at every location worldwide, each site is assigned a designated local ‘legal & compliance responsible.’ This individual oversees compliance efforts within their respective country. As part of Sirion’s comprehensive compliance program, these local representatives conduct an annual risk and compliance assessment to uphold the company’s commitment to integrity and accountability.
Code of Ethics
- ISO 27001:2022 certified: ISO/IEC 27001 is one of the most widely recognized independent international security standards. This certificate is awarded to organizations that comply with ISO’s high global standards. Sirion has earned ISO/IEC 27001:2022 certification for Applications, Systems, People, Technology, and Processes.
- SOC 2 Type II attestations: Sirion is SOC 2 Type II compliant. SOC 2 is an evaluation of the design and operating effectiveness of controls that meet the AICPA’s Trust Services Principles criteria.
- SOC 1 Type II attestations: Sirion is SOC 1 Type II compliant as per AICPA’s SSAE18 standard and IAASB’s ISAE 3402 standards. SOC 1 reports are primarily concerned with examining controls that are relevant for the financial reporting of customers.
GDPR compliant
- GDPR is a pan-European regulation that requires businesses to protect the personal data and privacy of EU citizens when processing their personal data.
- Sirion has always demonstrated its commitment to its users’ data privacy by consistently exceeding industry standards. Sirion welcomes GDPR as a force that strengthens the privacy-consciousness that already exists within the company.
Sirion’s offerings have privacy features that comply with GDPR, and Sirion’s processing of its customers’ data adheres to the data protection principles of the GDPR.
Jurisdiction Specific Rights
We provide the following rights to data subjects in compliance with applicable law:
European Union / European Economic Area:
- Right to be informed.
- Right to access.
- Right to rectification.
- Right to be forgotten/Right to erasure.
- Right to data portability.
- Right to restrict processing.
- Right to withdraw consent.
- Right to object to the processing of their personal data.
- Right to object to automated processing.
California Consumer Privacy Act & California Privacy Rights Act:
- Right to know about the personal information a business collects about them and how it is used and shared.
- Right to delete personal information collected from them (with some exceptions).
- Right to opt-out of the sale or sharing of their personal information.
- Right to non-discrimination for exercising their rights.
- Right to correct inaccurate personal information that a business has about them.
- Right to limit the use and disclosure of sensitive personal information collected about them.
Children Online Privacy
We do not direct our website or services to minors and we do not knowingly collect personal data from children as defined by local laws. If we learn we have mistakenly or unintentionally collected, or received, personal data from a child without appropriate consent, we will promptly delete it. If you believe we mistakenly or unintentionally collected any information from or about a child, please contact us at [email protected].