Data Security and Compliance

The security of our customers’ data is always of the highest importance to everyone at CWS Software, and we consistently comply with and exceed industry standards.

Here are just some of the ways in which we protect your data:

  • SOC 2 Type II audits are conducted annually by a third-party firm
  • Intrusion detection software is always in place
  • Excessive logins, intrusion and other system heartbeat measurements are constantly monitored
  • Penetration testing is conducted annually by a third-party firm
  • Vulnerability scans are carried out monthly
  • Security patches and updates are applied each week
  • Our disaster recovery plan is tested annually by actually recovering our servers
  • The database and backups utilize data-at-rest encryption
  • All servers are hardened using the SANS checklist and reviewed annually
  • All data to the server goes through encrypted https port 443
  • Secure file transfer protocol (SFTP) traffic is only directed to a non-standard port from specifically white-listed IP addresses

Additional security policies and procedures:

  • Security policies are reviewed twice each year
  • Employees are provided security awareness training every quarter
  • Security-related issues discussions and security training are conducted quarterly with our developers
  • Emergency contacts are verified quarterly
  • An annual in-depth risk analysis includes reviews of all vendors
  • CWS is GDPR compliant and signs a separate Model Processor Contract with all European customers

If you have any other questions about our approach to data security, please reach out to our team.