Globally accredited and compliant for healthcare

At Celo, we're serious about protecting patient and user data. Our people and platform exceed global standards for healthcare privacy and security.

Compliance certifications and attestations


The Health Insurance Portability and Accountability Act (HIPAA) sets the standard for patient data protection in the United States. Companies that deal with protected health information (PHI) must have physical, network, and process security measures. This is set by the Department of Health and Human Services (HHS). Celo is HIPAA compliant.


The HITECH Act provides a framework for healthcare providers to adopt electronic health records and improved privacy and security protections for healthcare data. The act also introduced tougher penalties for HIPAA compliance failures for healthcare organizations and their business associates to comply with the HIPAA Privacy and Security Rules. Celo is HITECH Act compliant.


The GDPR regulates processes for companies and organizations on collecting, storing and managing personal data. It applies both to European organizations that process personal data of individuals in the EU, and to organizations outside the EU that target people living in the EU. Celo complies with all GDPR standards.

ISO 27001 Certified Data Center

To protect patient health information and Celo user information as required by many privacy laws around the world, Celo’s databases use the most thoroughly compliant cloud service provider to store and process all data. Celo's Microsoft Azure datacenters are ISO27001 compliant.

SOC 2 Certified MS Azure Cloud

To protect patient health information and Celo user information as required by many privacy laws around the world, Celo partners with the most thoroughly compliant cloud service provider to store and process all data. Microsoft Azure is SOC 2 Certified.

Cyber Essentials

Cyber Essentials is a United Kingdom government backed scheme that helps organizations, whatever their size, protect against a whole range of the most common cyber attacks. Celo is Cyber Essentials certified.


The Information Commissioner’s Office (ICO) in the UK is an independent authority set up to uphold information rights, promoting openness by public bodies and data privacy for individuals. The Office allows companies to register as data processors, report a breach and navigate data protection legislation in the UK. Celo is registered with the ICO in the UK.

NHS DSP Toolkit Certified

The Data Security and Protection (DSP) Toolkit is a framework that enables relevant organizations to measure their performance against the data security and information governance requirements mandated by the Department of Health and Social Care, notably the 10 data security standards set by the National Data Guardian. Celo is NHS DSP Toolkit Certified.


ORCHA reviews a digital health technology’s nature and purpose, including Clinical/Professional Assurance, Data & Privacy, and Usability & Accessibility. ORCHA’s algorithm looks at how appropriately the technology meets the relevant and compulsory standards. Celo has been ORCHA assessed and holds a 83% rating for it's mobile apps.

UK G-Cloud

The UK Government G-Cloud is an initiative targeted at easing procurement by public-sector bodies in the United Kingdom of commodity information technology services that use cloud computing. Celo has officially been accepted onto the UK G-Cloud 12.

NSW Govt. Certified Provider

NSW Procurement is a trusted advisor to government providing strategic advice and facilitating the delivery of services, which ensure that clusters and agencies have the necessary resources and capability to achieve their business objectives within a devolved procurement framework. Celo is a NSW Govt. approved and certified provider.

Australian IRAP

The Information Security Registered Assessors Program (IRAP) provides a comprehensive process for the independent assessment of a system’s security against the Australian Government Information Security Manual (ISM) requirements. IRAP is governed and administered by the Australian Cyber Security Center (ACSC). Celo's MS Azure cloud partner is IRAP compliant.

OAIC Privacy Act

The Privacy Act 1988 (Privacy Act) was introduced to promote and protect the privacy of individuals and to regulate how organizations handle personal information. The Privacy Act includes 13 Australian Privacy Principles (APPs). Celo adheres to the OAIC Privacy Act.

Department of Internal Affairs

The Department of Internal Affairs (DIA) Marketplace facilitates the New Zealand government's procurement process by linking businesses that offer services with government agencies that wish to buy them. The DIA approval process includes a full audit of security and privacy practices. Celo is an approved and accredited government partner on the DIA Marketplace.


HISO works with health providers, shared services organizations, clinical groups and others. HISO 10029:2015 Health Information Security Framework provides guidance and rules for the security and privacy of healthcare software tools. Celo is HISO compliant.

Celo 2022. All Rights Reserved |
Celo 2022. All Rights Reserved |