• 07 Nov 2022
  • 2 Minutes to read
  • Contributors
  • Dark
  • PDF


  • Dark
  • PDF

Compliance at Cirrus

As Cirrus we aim to enable our customers to create better assessments by providing a online platform to support the complete process of high-stakes testing. With high-stakes involved, it is even more critical that the different agreements and responsibilities, are clearly defined in writing.

On this page Cirrus brings together references to its different compliance related documents.

Agreements Overview

Order Form

When a customer signs up for the Cirrus Platform, they sign a Cirrus' Order Form with a "User Agreement" clause for usage of the Cirrus Platform, supplemented with other clauses for any additional services like Training.

Order Form’s User Agreement

The "User Agreement" refers to the "User Agreement" part of the Cirrus' Order Form about the agreed terms for using Cirrus Platform, including where the customer data is hosted for data privacy.

Often a Order Form also contains other parts pertaining to Cirrus related services like e.g. training.

Terms and Conditions

Our Terms and Conditions (1), or short T&Cs, are available for download in our Customer Portal (1).

(1) Customer Portal Login required.

Service Level Agreement (SLA)

The parameters of all services covered by your User Agreement are outlined in our Service Level Agreement. Our Service Level Agreement (1) or short SLA, pre-signed by our CEO, is available for download in our Customer Portal (1).

The SLA refers to the System Requirements.

If you have questions about our SLA, please contact us to Ask a Contract Question ⧉(1).

(1) Customer Portal Login required.

Data Processing Agreement (DPA)

Cirrus adheres to the EU's GDPR; "the world's toughest privacy and security law in the world" []. The GDPR has been used as a blueprint for privacy regulations by many countries across the globe.
Our Data Processing Agreement(1), or short DPA, pre-signed by our CEO, is available for download in our Customer Portal(1).

Our DPA refers to the List of Sub-Processors.

If you have questions about our DPA, please contact us to Ask a Contract Question ⧉(1).

(1) Customer Portal Login required.

Other Compliance information

Information Security ISO/IEC-27001:2013

ISO27001 Certified - Duijnborgh Certification

Cirrus is ISO-27001 certified!

Since September 2022 the development, maintaining and servicing by Cirrus are services ISO/IEC-27001 certified! (And not only Cirrus' hosting) ISO/IEC-27001 Certificate,
/ ISO/IEC-27001 Statement of Applicability.

ISO/IEC 27001 ⧉ is an international standard on how to manage information security. It details requirements for establishing, implementing, maintaining and continually improving an Information Security Management System (ISMS). Information Security not only encompasses Confidentiality but also Integrity and Availability.
Among other the ISO/IEC 27001 standard prescribes a list of Information Security measures or controls. There are 114 Annex A Controls, divided into 14 categories, also listed in Cirrus' ISO-27001:2013 Statement of Applicability.

Accessibility Statement

The Accessibility Statement for Cirrus Assessment from Cirrus Nederland B.V. details the measures Cirrus Nederland B.V. takes to ensure accessibility of Cirrus Assessment.

Useful Information