Calabrio is Committed to Information Security - Calabrio

Calabrio is Committed to Information Security

Information is often the most valuable asset of a company. Our customers also process personal information (PII) on their employees that needs to be handled with care and respect. Therefore, information security is a top priority at Calabrio. The key elements of Calabrio’s information security processes are:

  • Confidentiality – preventing the disclosure of information to unauthorized individuals or systems.
  • Integrity – assuring the accuracy and consistency of data over its entire lifecycle.
  • Availability – ensuring information is available when needed.

The Calabrio Information Security Program is based on NIST Cyber-Security Framework and therefore active in the following areas:

Identify

icon-gray-52

Calabrio has a NIST based Risk Management process that includes annual reviews as part of the organizational setup to manage cybersecurity risks to systems, people, assets and data.

Protect

icon-gray-30

Identity management and access control along with awareness and training programs are in place to support implemented technical measures covering data security.

Detect

icon-gray-40

Timely discovery of cybersecurity events is facilitated thanks to continuous monitoring of information systems and assets, and detection and analysis of anomalous events.

Respond

icon-gray-31

Activities are in place and ready to act in case of detected incident. This includes communication with stakeholders, analysis, mitigation activities and improvement from lessons learned.

Recover

icon-gray-18

Calabrio regularly undertakes recovery exercises to ensure restoration of systems or assets affected by incidents.

In addition to the Information Security and Compliance program, the compliance frameworks for AICPA SOC2 Type 2, ISO 27001 and PCI DSS are incorporated into Calabrio’s Common Control Framework and renewed annually.

Calabrio has also updated its products and processes to comply with global data privacy laws and regulations (such as GDPR and CCPA) and is a member of the EU-U.S. Privacy Shield Program. Learn More Here.

Technology

  • Cloud native technology is used to power Calabrio products
  • Leverage state-of-the-art protective technology built in the cloud by major Cloud Service Providers (AWS, Azure)
  • Anti-malware
  • Firewalls in place for all entry points

Business Continuity

  • Built-in high availability via server redundancy
  • Built-in anti DDoS mechanisms
  • Automatic monitoring and alerting to Calabrio’s cloud team for proactive action

Access Control

  • Capability to define, enforce, and manage user access policies across services
  • Multifactor authentication for admin controls

Data Storage and Encryption

  • Data encryption capabilities available in AWS and Azure storage and database services
  • Flexible key management options
  • All data stored in highly secure data centers with physical protection measures in place

Compliance & Certification

  • Our hosting providers (AWS and Azure), adhere to dozens of industry standard compliance programs covering infrastructure

Authentication

  • Local or SSO authentication options
  • Password policy manager

Authorization

  • Permission policies are managed by each customer
  • Customizable role-based permissions

Access Control

  • Capability to define, enforce, and manage user access policies across services
  • Multifactor authentication for admin controls
  • Role-based access controls (RBAC) supported through configurable permission and view settings

Transport

  • HTTPS/TLS 1.2

Encryption

  • Double encryption used in securing data at rest and in transit with keys unique to each customer
  • Data partitioning at database level
  • File segmentation at file system level
  • Each tenant has their own SQL database, storage locations and search indexes
  • RSA-2048 (with asymmetric keys) in AWS
  • Transparent Database Encryption (TDE) in Azure

Monitoring

  • Ease of maintenance through proactive monitoring and notification features

Compliance & Certifications

  • PCI AOC
  • SOC 2 Type II
  • ISO 27001

Start typing and press Enter to search

Send this to a friend