Calabrio is Committed to Information Security
Information is often the most valuable asset of a company. Our customers also process personal information (PII) about their employees that needs to be handled with care and respect. Therefore, information security is a top priority at Calabrio. The key elements of Calabrio’s information security processes are:
- Confidentiality – preventing the disclosure of information to unauthorized individuals or systems.
- Integrity – assuring the accuracy and consistency of data over its entire lifecycle.
- Availability – ensuring information is available when needed.
The Calabrio Information Security Program is based on the NIST Cybersecurity Framework and is therefore active in the following areas:
In addition to the Information Security and Compliance program, the compliance frameworks for AICPA SOC2 Type 2, ISO 27001 and PCI DSS are incorporated into Calabrio’s Common Control Framework and renewed annually.
Calabrio has also updated its products and processes to comply with global data privacy laws and regulations (such as GDPR and CCPA) and is a member of the EU-U.S. Privacy Shield Program.
Calabrio Cloud
Technology
- Cloud-native technology is used to power Calabrio products
- Leverage state-of-the-art protective technology built in the cloud by major Cloud Service Providers (AWS, Azure)
- Anti-malware
- Firewalls in place for all entry points
Business Continuity
- Built-in high availability via server redundancy
- Built-in anti-DDoS mechanisms
- Automatic monitoring and alerting to Calabrio’s cloud team for proactive action
Access Control
- Capability to define, enforce, and manage user access policies across services
- Multifactor authentication for admin controls
Data Storage and Encryption
- Data encryption capabilities available in AWS and Azure storage and database services
- Flexible key management options
- All data stored in highly secure data centers with physical protection measures in place
Compliance & Certification
- Our hosting providers (AWS and Azure) adhere to dozens of industry-standard compliance programs covering infrastructure
Security in Calabrio Products
Authentication
- Local or SSO authentication options
- Password policy manager
Authorization
- Permission policies are managed by each customer
- Customizable role-based permissions
Access Control
- Capability to define, enforce, and manage user access policies across services
- Multifactor authentication for admin controls
- Role-based access controls (RBAC) supported through configurable permission and view settings
Transport
- HTTPS/TLS 1.2
Encryption
- Double encryption used in securing data at rest and in transit with keys unique to each customer
- Data partitioning at database level
- File segmentation at file system level
- Each tenant has their own SQL database, storage locations and search indexes
- RSA-2048 (with asymmetric keys) in AWS
- Transparent Data Encryption (TDE) in Azure
Monitoring
- Ease of maintenance through proactive monitoring and notification features
Compliance & Certifications
- ISO 27001
- PCI AOC
- SOC 2 Type II
Resources
- Privacy Policy
- PCI datasheet
- Calabrio ONE Cloud datasheet
- Security and compliance datasheet