Security & Compliance

As a customer, the security of your data is extremely important to CWS Software.

Some of the things we do to protect your data:

  • We conduct an annual SOC 2 Type II audit with a third-party firm
  • We have Intrusion Detection Software in place
  • We continuously monitor for excessive logins, intrusions and other system heartbeat measurements
  • We conduct penetration tests annually with a third party
  • We do vulnerability scans every month
  • We apply the latest security patches weekly
  • We test our Disaster Recovery Plan annually by actually recovering servers
  • We use data at rest encryption for the database and backups
  • All servers are hardened using the SANS and that is reviewed annually
  • All data going to the server goes through HTTPS on port 443
  • SFTP traffic goes to a non-standard port and is accepted only from IP addresses that are specifically whitelisted

Policies and Procedures

  • We review our security policy twice a year
  • We provide security awareness training to every employee every quarter
  • We discuss security-related issues and do security training with the developers every quarter
  • We verify our emergency contacts every quarter
  • We do an in-depth Risk Analysis annually which includes a review of our vendor
  • We are GDPR compliant and sign a separate Model Processor Contract with all our European customers