Security information & certifications
Documentation of the security measures and practices CloudM Software Limited has in place when handling personal data.
Last updated on 2025-02-13
ISO 27001 Expires on: 2025-06-01
Statement

ISO 27001:2013 as of April 26th 2024.

Penetration test report
Statement

PenTests are performed on a regular basis. A copy can be shared under NDA. To request a copy of the PenTest, please email: [email protected]

Security information Expires on: 2025-06-01
Statement

CloudM Cyber Essentials - 2024 - Certificate of Assurance.

Security information
Statement

Annex B in the Standard DPA states:

Security Measures

CloudM currently observes the security measures described in this Annex B.

ACCESS CONTROLS

Software Access – CloudM hosts its software service on outsourced cloud infrastructure. CloudM maintains contractual relationships with the providers of these cloud infrastructures in accordance with the DPA to protect any data stored by these cloud infrastructure providers.

Authentication – the CloudM Modules are protected by outsourced single sign-on authentication methods. No access to any End User data is possible without a valid authorized account managed by the End User on the Domain.

Physical and Environmental Security – the infrastructure for all CloudM Modules e for production purposes is hosted by outsourced cloud infrastructure providers and is protected by their published security process, including access control.

SYSTEM ACCESS CONTROLS

CloudM’s access to End User data is protected in accordance with the principle of least privilege, with two factor authentication enforced as default. All access is logged and monitored.

The implementation of infrastructure protection of data differs between infrastructure providers and includes Virtual Private Cloud (VPC) implementations, security group assignment, and traditional firewall rules.

TRANSMISSION CONTROLS

All data transmission to the CloudM Modules is performed over HTTPS. The highest level of TLS encryption is applied to traffic depending on what is supported by the End User’s Domain platform.

All data at rest is fully encrypted.

INPUT CONTROLS

Full monitoring and alerting of system traffic and behavior are in place for the CloudM Modules.

DATA BACKUPS

Backup and replication strategies are designed to ensure redundancy and fail-over protections during a significant processing failure. End User data is backed up to multiple durable data stores and replicated across multiple availability zones. Backup data is segregated from production data and subject to independent access control and monitoring.

DATA SEGREGATION

All End User data processed on the CloudM Modules is subject to full segregation based on a multi-tenanted data model. Individual End Users do not have access to any data outside of their tenant.

Security policy
Statement

Software Development Lifecycle (SDLC) Policy as of April 30th 2024.

Security policy
Statement

Data Protection Policy as of April 29th 2024.

Security policy
Statement

Information Security Policy as of 26 November 2024.

Security policy
Statement

Malware and Virus Protection Policy as of 29 April 2024.

Displaying 8 securities