With our roots in Silicon Valley, we know how important it is for organizations to trust their software partners. This means that protecting your data and meeting your compliance requirements is our number one priority. As a result, our web applications are developed through a security by design methodology.
With a team of focused security professionals, a robust and secure hosting environment and following ISO 27001 standards, we are confident our solutions are stable, reliable and compliant. In fact, we stake our reputation on it.
From managing external suppliers such as hosting partners, through to following development best practices and deploying teams focused on security, our approach is designed to align with security frameworks and exceed internationally recognized standards.
Centric Software information systems and technical infrastructure are hosted within world-class, industry certified data centers. Physical security controls at these data centers include 24×7 monitoring, cameras, visitor logs, entry limitations, and all that you would expect at a high-security data processing facility.
More information about our cloud service providers can be found:
Amazon Web Services | Microsoft Azure | Google Cloud Platform | Centric Data Center
Centric Software has in place policies, procedures, and logical controls that are designed to limit access to its information systems, and to the facility or facilities in which they are housed, to properly authorized persons.
We ensure that:
Centric Software conducts background screening at the time of hire (to the extent permitted or facilitated by applicable laws). In addition, Centric Software communicates its information security policies to all personnel (who must acknowledge this) and requires new employees to sign non-disclosure agreements and provides ongoing privacy and security training.
Centric Software has a dedicated Data Privacy & Security team, which focuses on application, cloud, network, and system security. This team is responsible for maintaining the Information Security Management System (ISMS) to meet internal security policies and standards.
Centric Software maintains a documented vulnerability management program which includes periodic scans, identification, and remediation of security vulnerabilities on servers, workstations, network equipment, and applications. All networks, including test and production environments, are regularly scanned using trusted third-party vendors. Critical patches are applied to servers on a priority basis; all other patches are applied as appropriate.
We also conduct regular internal and external penetration tests and remediate according to severity.
Encryption in Transit: Centric Software uses secure encryption methods for communications between all systems and services.
Encryption at Rest: Centric Software ensures all data at rest is protected using industry standard encryption algorithms and strength.
Encryption of Backups: All backups are encrypted by default.
Our development team employs secure coding techniques and best practices, focused on the OWASP Top Ten. Developers are formally trained in secure web application development practices upon hire and annually thereafter.
Development, testing, and production environments are separated. All changes are peer reviewed and logged for performance, audit, and forensic purposes prior to deployment into the production environment.
Centric Software has implemented governance, risk management, and compliance practices that align with recognized information security frameworks.
SOC2 Type 2
Centric Software has been assessed using the criteria set forth in paragraph 1.26 of the American Institute of Certified Public Accountants (AICPA) Guide, Reporting on Controls at a Service Organization, relevant to the suitability of the design and operating effectiveness of controls for the security, availability, and confidentiality principles.
SOC3 Type 2
Centric Software has been assessed using the criteria set forth in paragraph 1.26 of the American Institute of Certified Public Accountants (AICPA) Guide, Reporting on Controls at a Service Organization, relevant to the suitability of the design and operating effectiveness of controls for the security, availability, and confidentiality principles.
The General Data Protection Regulation (GDPR) introduced rules for organizations that offer goods and services to people in the European Union (EU), or that collect and process personal information relating to EU citizens, no matter where such an organization is located. Centric Software is committed to protecting personal information.
Centric Software's certification for ISO/IEC 27001:2013, ISO/IEC 27017:2015, and ISO/IEC 27018:2019 was issued by A-LIGN, an independent and accredited certification body, on successful completion of a formal audit process.
ISO/IEC 27017:2015 provides guidance on the information security aspects of cloud computing, recommending the implementation of cloud-specific information security controls that supplement the guidance of the ISO/IEC 27002 and ISO/IEC 27001 standards.
ISO/IEC 27018:2019 is a code of practice that focuses on the protection of personal data in the cloud. It is based on the ISO/IEC 27002 information security standard and provides implementation guidance on ISO/IEC 27002 controls applicable to Personally Identifiable Information (PII) in public clouds.
Trust is built on openness. So being accountable and clear about the processes we have in place to protect the security, integrity and compliance of our systems and your data is fundamentally important to us. In this section, you can find out more about the various policies we follow and the security measures we take to secure our platform and your data.
Centric Software maintains and regularly reviews and updates its information security policies, at least on an annual basis. Employees must acknowledge policies and undergo periodic training pertaining to job function. Training is designed to adhere to all specifications and regulations applicable to Centric Software.
Centric Software maintains an asset management policy which includes identification, classification, retention, and disposal of information and assets. Company-issued devices are equipped with full disk encryption, up-to-date antivirus software, and endpoint intrusion prevention and detection systems. Only company-issued devices are permitted to access corporate and production networks.
Centric Software maintains a security incident response process that covers the initial response, investigation, notification to customers and/or individuals (as may be required), public communication, and remediation. This process is reviewed regularly and tested bi-annually.
Despite best efforts, no method of transmission over the internet and no method of electronic storage is perfectly secure. We cannot guarantee absolute security. However, if Centric Software learns of an actual security breach, we will notify affected users as required by law or otherwise so that they can take appropriate protective steps. Our breach notification procedures are consistent with our obligations under applicable country level, state and federal laws and regulations.
Backups are encrypted and stored in a secondary environment to preserve their confidentiality and integrity. Centric Software employs a backup strategy designed to minimize downtime and data loss and to meet its recovery time objective (RTO) and recovery point objective (RPO). The Business Continuity Plan (BCP) is tested and updated on a regular basis to ensure its effectiveness in the event of a disaster.
Application and infrastructure systems log information to a centrally managed log repository for troubleshooting, security reviews, and analysis by authorized Centric Software personnel. Logs are preserved in accordance with regulatory requirements.
Centric Software has also introduced a secure release criteria for all software releases which includes: