Industry Leading Security
Security and compliance are key features of the CloudRadial platform. They ensure not only that our applications meet high standards, but also that our partners can use CloudRadial to engage their clients in a collaborative approach that improves security and compliance for those clients as well.
From the very beginning, CloudRadial provided secure passwordless client access based on a two-factor approach. We implemented innovative features such as report archives, support PINs, and security reporting that put these critical issues at the forefront of client engagement.
Throughout, CloudRadial has been committed to maintaining the highest standards of security, availability, processing integrity, confidentiality, and privacy. These five principles are the core of SOC2 (Service Organization Control 2) certification, which is a widely recognized standard for information security. Here’s how we approach each of these principles:
We take security very seriously and implement a range of technical and administrative controls to protect our systems and data. Security is designed into every level of our organization.
- We conduct thorough background checks for new employees.
- We require acceptance of strict non-disclosure and confidentiality agreements.
- We mandate security awareness training.
- We design our software with security in mind considering potential threats and vulnerabilities.
- We develop only on continuously updated, industry-standard platforms committed to security, such as .NET Core and Angular, and routinely update these platforms to stay current with the latest security capabilities they provide.
- We conduct component and vendor evaluations to ensure they meet security and privacy standards.
- We develop only on company-owned, encrypted, and MFA protected devices.
- We conduct peer code reviews to review and verify every change.
- We conduct regular code vulnerability scanning.
- We utilize development staff located only in the U.S. and Canada where we are assured that national laws support our agreements.
- We restrict access to production systems and data based on need for access.
- We use separate, MFA-protected developer accounts.
- We issue regular product updates to address security issues.
- We host all our software and data in Microsoft Azure datacenters to leverage Microsoft’s certified (SOC 1, SOC 2 Type II, ISO 27001, ISO 9001) hosting environment. https://azure.microsoft.com/en-us/explore/trusted-cloud/compliance/
- We utilize private virtual networking to protect key systems from public access.
- Where possible, we use Azure AD-based access control to eliminate the requirement for passwords to key systems.
- We store our partners’ sensitive passwords in separate storage with elevated access and encryption.
- We provide data isolation between partner tenants.
- We provide 30-day point-in-time data recovery and offer options for long-term data backup.
- We track user generated activity inside partner tenants and provide those audit logs to partners for review.
- We encrypt data in transit and at rest.
- We allow only SSL connections to websites.
- We require a minimum of TLS 1.2 for connections.
- We provide IP address whitelists to enable restricted access to self-hosted systems.
We have implemented many mechanisms to ensure that our systems are up and running at all times and fully scalable as partner needs grow.
- We deploy multiple web servers in a load-balanced configuration to protect against specific server issues.
- We use health checks to detect and automatically remediate server issues.
- We use database compute isolation to ensure maximum data throughput.
- We run high-impact database jobs during partners' overnight hours.
- We provide a status site for communicating issues and outages. https://status.cloudradial.com
We ensure that our system processes data accurately and completely, and we have implemented measures to prevent data loss, corruption, or unauthorized modification.
- We use automated development and deployment pipelines to ensure repeatability of releases.
- We are incorporating an increasing number of automated tests into our development pipelines.
- We constantly monitor website uptime and are automatically alerted to system outages.
- We log application performance and regularly review for issues and improvements.
- We offer an after-hours and emergency escalation process when problems are critical but do not result in a full system outage.
We take confidentiality very seriously and have implemented measures to protect our customers’ data from unauthorized access.
- We limit and restrict access to your CloudRadial tenant based on least privilege structures.
- We log access by our staff whenever they access your tenant.
- We require strict confidentiality agreements.
- We only employ people in countries where our confidentiality agreements are enforceable.
We are committed to protecting our customers’ privacy and have implemented measures to ensure that our system is compliant with privacy regulations such as HIPAA, GDPR and CCPA. This includes ensuring that our system is designed to collect and process data in a privacy-aware manner, and that we are transparent about our data practices.
- We host partner data in four separate geographic areas to resolve data residency issues for the United States, Canada, Australia, and the European Union/United Kingdom. For information on EU data residency, please see this link.
- We clearly define our terms of service at https://www.cloudradial.com/terms.
- We include a HIPAA Business Associates Agreement as part of our terms of service for affected partners.
- We include a GDPR Data Processing Agreement as part of our terms of service for affected partners.
- We have appointed a Data Protection Officer (DPO) to ensure we comply with GDPR and to act as a point of contact for data subjects and supervisory authorities.
- We have procedures for incident response and breach notification if required.
Best practices for security and compliance are constantly evolving and CloudRadial is always learning from our partners, our integration partners, experts, and the industry on ways to improve our internal practices and product features.
- We hold internal meetings on security and ways to improve security.
- We participate in regular meetings with partners to gain feedback and suggestions for our security roadmap.
- We actively solicit feature suggestions.