Security
Protecting your environment from attack
We ensure the customer’s Virtual Private Cloud (VPC) is shielded from attack through a set of controls that align to ISO[1] 27001, NIST[2] 800-53, and GDPR[3]. These controls include technology, policy, processes, and procedures that protect your privacy, confidential information and your data. And we ensure our employees have knowledge and awareness of our security posture, policy, processes and procedures.
Standards Compliant
We are ISO 27001 certified[4] and follow the control families defined by ISO 27002. We have our framework outlined in ClearObject’s Information Security Management System (ISMS), Information Security Policy (ISP) and our Statement of Applicability (SOA). We outline our control alignment in the Plan of Action and Milestones (POA&M); a matrix that cross maps required control families for various standards. As the need to adjust to new standards arises, we reference the POA&M matrix to understand where we are compliant and where we need to adopt new families of controls.
HTTPS encryption and MFA helps ensure your environment is secure
Protecting access to your environment with HTTPS encryption ensures you can connect to your environment with confidence knowing that we employ this added security. In addition, our support staff and engineers are required to use both HTTPS and Multi-Factor Authentication (MFA) when accessing your VPC.
Vulnerability Scanning, Penetration Testing and SIEM5
We regularly scan all public IP space for vulnerabilities and penetration test representative VPCs. And we employ SIEM tools in order to secure our support environment. Using the results, we patch test environments and validate those patches are effective. Then we apply those patches to VPCs as required.
Required Annual Training at ClearObject
We provide educational materials, training, and tools to help our employees learn how to stay safe online. Our security team annually requires all ClearObject employees to refresh their knowledge regarding online safety and our overall security posture, policies and procedures relative to the VPC environment.
Google Cloud Platform (GCP)
At the data center level GCP, provides a full description of the standards, regulations and policies to which they adhere and where applicable are certified at https://cloud.google.com/security/compliance. By selecting the region of a customer deployment, the customer will be presented the items which are applicable to that deployment geography at the data center level. ClearObject deploys workloads into Virtual Private Clouds (VPC) on the Google Cloud Platform. Any certification that applies in appropriate region of the deployment to Virtual Private Clouds will apply at the data center level for ClearObject’s deployments.
[1] ISO – International Organization for Standardization
[2] National Institute of Standards and Technology
[3] General Data Protection Regulation
[4] The scope of the ISO/IEC 27001 :2013 certification covers the information security management system (ISMS) supporting the ClearObject collaborative lifecycle management Ecosphere (CE CLM SaaS), and in accordance with the Statement of Applicability dated February 1, 2018.
[5] Security Information and Event Management
For more information contact privacy@clearobject.com