Security
Robust security measures
Trust
- We don’t sell, rent, or provide information to third parties to help them advertise to you.
- Our financial interests are aligned with yours.
- While personal or sensitive data may from time to time be captured during a workflow, rest assured that we do not want or need such data. It’s our view that using your personal or sensitive data in any manner other than to provide our services would be unethical and inconsistent with Clearisk's values.
Compliance
ISO 27001 and SOC 2
Clearisk implements an Information Security Management System aligned to the requirements of ISO 27001 and is working towards obtaining ISO 27001:2022 certification in 2024. Becoming SOC 2 compliant is also part of our roadmap. To achieve both of these important milestones and continue to build trust with our customers, we plan to use Drata's automation platform to continuously monitor our ISO 27001 and SOC 2 controls and maintain real-time visibility into our organization’s security posture.
Infrastructure
Our services are hosted on Amazon Web Services (AWS), which continuously maintains certification for a variety of global security and compliance frameworks. For more information about their certifications and compliance practices, please visit the AWS Security and AWS Compliance sites.
Application Security
- We use TLS everywhere in the Clearisk application.
- Your data is encrypted at rest and in transit using industry standards.
- We regularly scan our applications for vulnerabilities using automated tools and apply security patches to vulnerable components.
- We undergo annual penetration tests from a third-party security firm.
Data Protection and Disaster Recovery
- Our systems were designed and built with disaster recovery in mind.
- All of our infrastructure is hosted in the cloud on AWS and MongoDB Atlas. We use an AWS VPC that is not publicly accessible.
- Our data is automatically backed up daily, and we regularly test that our backups are working and can be easily restored.
Corporate Security
- All company laptops are actively managed. We require screensaver locks, full disk encryption, anti-malware protection, password manager use, and automatic updates to be enabled.
- We implement a human review process augmented by automated checks to ensure consistent quality in our software development practices.
- Access to services, source code, and third-party tools is secured with two-factor authentication whenever possible.
- Employees are given the lowest level of access that allows them to get their work done and data access is logged.
- Our employee contracts include a confidentiality agreement.
- All personnel undergo background checks and receive regular security awareness training.
Responsible Disclosure
- If you’ve discovered a vulnerability in the Clearisk application, please contact us at security@clearisk.io. We review all security concerns brought to our attention, and we take a proactive approach to emerging security issues.
At Clearisk, we take data security and privacy very seriously. This page provides some general information about our practices to give you confidence in how we secure your data.
Updated Jan 2024