Security & Compliance
The security of your data as a customer is extremely important to CWS Software.
Some of the things we do to protect your data:
- We conduct an annual SOC 2 Type II audit with a third-party firm
- We have Intrusion Detection Software in place
- We are constantly monitoring for excessive logins, intrusion and other system heartbeat measurements
- We conduct Pen Tests annually with a third party
- We do vulnerability scans every month
- We apply the latest security patches weekly
- We test our Disaster Recovery Plan annually by actually recovering servers
- We use data at rest encryption for the database and backups
- All servers are hardened using the SANS and that is reviewed annually
- All data going to the server goes through HTTPS on port 443
- SFTP traffic goes to a non-standard port and is accepted only from IP addresses that are specifically whitelisted
Policies and Procedures
- We review our security policy twice a year
- We provide security awareness training to every employee every quarter
- We discuss security-related issues and do security training with the developers every quarter
- We verify our emergency contacts every quarter
- We do an in-depth Risk Analysis annually which includes a review of our vendor
- We are GDPR compliant and sign a separate Model Processor Contract with all our European customers

