Calabrio is Committed to Information Security
Information is often the most valuable asset of a company. Our customers also process personal information (PII) on their employees that needs to be handled with care and respect. Therefore, information security is a top priority at Calabrio. The key elements of Calabrio’s information security processes are:
- Confidentiality – preventing the disclosure of information to unauthorized individuals or systems.
- Integrity – assuring the accuracy and consistency of data over its entire lifecycle.
- Availability – ensuring information is available when needed.
The Calabrio Information Security Program is based on NIST Cyber-Security Framework and therefore active in the following areas:
Identify
Calabrio has a NIST based Risk Management process that includes annual reviews as part of the organizational setup to manage cybersecurity risks to systems, people, assets and data.
Protect
Identity management and access control along with awareness and training programs are in place to support implemented technical measures covering data security.
Detect
Timely discovery of cybersecurity events is facilitated thanks to continuous monitoring of information systems and assets, and detection and analysis of anomalous events.
Respond
Activities are in place and ready to act in case of detected incident. This includes communication with stakeholders, analysis, mitigation activities and improvement from lessons learned.
Recover
Calabrio regularly undertakes recovery exercises to ensure restoration of systems or assets affected by incidents.
In addition to the Information Security and Compliance program, the compliance frameworks for AICPA SOC2 Type 2, ISO 27001 and PCI DSS are incorporated into Calabrio’s Common Control Framework and renewed annually.
Calabrio has also updated its products and processes to comply with global data privacy laws and regulations (such as GDPR and CCPA) and is a member of the EU-U.S. Privacy Shield Program. Learn More Here.
Technology
- Cloud native technology is used to power Calabrio products
- Leverage state-of-the-art protective technology built in the cloud by major Cloud Service Providers (AWS, Azure)
- Anti-malware
- Firewalls in place for all entry points
Business Continuity
- Built-in high availability via server redundancy
- Built-in anti DDoS mechanisms
- Automatic monitoring and alerting to Calabrio’s cloud team for proactive action
Access Control
- Capability to define, enforce, and manage user access policies across services
- Multifactor authentication for admin controls
Data Storage and Encryption
- Data encryption capabilities available in AWS and Azure storage and database services
- Flexible key management options
- All data stored in highly secure data centers with physical protection measures in place
Compliance & Certification
- Our hosting providers (AWS and Azure), adhere to dozens of industry standard compliance programs covering infrastructure
Authentication
- Local or SSO authentication options
- Password policy manager
Authorization
- Permission policies are managed by each customer
- Customizable role-based permissions
Access Control
- Capability to define, enforce, and manage user access policies across services
- Multifactor authentication for admin controls
- Role-based access controls (RBAC) supported through configurable permission and view settings
Transport
- HTTPS/TLS 1.2
Encryption
- Double encryption used in securing data at rest and in transit with keys unique to each customer
- Data partitioning at database level
- File segmentation at file system level
- Each tenant has their own SQL database, storage locations and search indexes
- RSA-2048 (with asymmetric keys) in AWS
- Transparent Database Encryption (TDE) in Azure
Monitoring
- Ease of maintenance through proactive monitoring and notification features
Compliance & Certifications
- PCI AOC
- SOC 2 Type II
- ISO 27001
In addition to the Information Security and Compliance program, the compliance frameworks for AICPA SOC2 Type 2, ISO 27001 and PCI DSS are incorporated into Calabrio’s Common Control Framework and renewed annually.
Calabrio has also updated its products and processes to comply with global data privacy laws and regulations (such as GDPR and CCPA) and is a member of the EU-U.S. Privacy Shield Program. Learn More Here.
Technology
- Cloud native technology is used to power Calabrio products
- Leverage state-of-the-art protective technology built in the cloud by major Cloud Service Providers (AWS, Azure)
- Anti-malware
- Firewalls in place for all entry points
Business Continuity
- Built-in high availability via server redundancy
- Built-in anti DDoS mechanisms
- Automatic monitoring and alerting to Calabrio’s cloud team for proactive action
Access Control
- Capability to define, enforce, and manage user access policies across services
- Multifactor authentication for admin controls
Data Storage and Encryption
- Data encryption capabilities available in AWS and Azure storage and database services
- Flexible key management options
- All data stored in highly secure data centers with physical protection measures in place
Compliance & Certification
- Our hosting providers (AWS and Azure), adhere to dozens of industry standard compliance programs covering infrastructure
Authentication
- Local or SSO authentication options
- Password policy manager
Authorization
- Permission policies are managed by each customer
- Customizable role-based permissions
Access Control
- Capability to define, enforce, and manage user access policies across services
- Multifactor authentication for admin controls
- Role-based access controls (RBAC) supported through configurable permission and view settings
Transport
- HTTPS/TLS 1.2
Encryption
- Double encryption used in securing data at rest and in transit with keys unique to each customer
- Data partitioning at database level
- File segmentation at file system level
- Each tenant has their own SQL database, storage locations and search indexes
- RSA-2048 (with asymmetric keys) in AWS
- Transparent Database Encryption (TDE) in Azure
Monitoring
- Ease of maintenance through proactive monitoring and notification features
Compliance & Certifications
- PCI AOC
- SOC 2 Type II
- ISO 27001
