Centric Software Security & Compliance

Your data is safe with us.

Data security by design.

Trusted by the world’s leading organizations.

With our roots in Silicon Valley, we know how important it is for organizations to trust their software partners. This means that protecting your data and meeting your compliance requirements is our number one priority. As a result, our web applications are developed through a security by design methodology.

With a team of focused security professionals, a robust and secure hosting environment and following ISO 27001 standards, we are confident our solutions are stable, reliable and compliant. In fact, we stake our reputation on it.


Leading-edge Security

From managing external suppliers such as hosting partners, through to following development best practice and deploying teams focused on security compliance and innovation, our approach to security is designed to surpass security frameworks and exceed specific industry regulations and internationally recognized standards.

    • Physical Security
    • Access Control
    • Security Personnel
    • Vulnerability Management
    • Encryption
    • Development

    Data security and compliance

    Centric Software has implemented governance, risk management, and compliance practices that align with the most globally recognized information security frameworks. Centric Software has achieved SOC 3 attestation and is GDPR compliant.

    We also formalize and improve our information security business processes by aligning our internal information security management system (ISMS) with the ISO 27001 framework.

    SOC 2 Type 2 and SOC 3 Type 2 Compliance

    Centric Software has been assessed using the criteria set forth in paragraph 1.26 of the American Institute of Certified Public Accountants (AICPA) Guide, Reporting on Controls at a Service Organization, covering the suitability of the design and the operating effectiveness of controls for the security, availability, and confidentiality principles.

    General Data Protection Regulation

    The General Data Protection Regulation (GDPR) introduced rules for organizations that offer goods and services to people in the European Union (EU), or that collect and process personal information relating to EU citizens, no matter where such an organization is located. Centric Software is committed to protecting personal information. The resources below set out important information relating to how we handle personal information.

    • Privacy Policy
    • Cookie Policy
    • Data Processing Terms and Conditions
    • Centric Software Sub-Processors
    • Technical and Operational Measures

    Protecting data at every stage.

    Trust is built on openness. So being accountable and clear about the processes we have in place to protect the security, integrity and compliance of our systems and your data is fundamentally important to us. In this section, you can find out more about the various policies we follow and the security measures we take to secure our platform and your data.

    Security Policies

    Centric Software maintains and regularly reviews and updates its information security policies, at least on an annual basis. Employees must acknowledge policies and undergo periodic training pertaining to job function. Training is designed to adhere to all specifications and regulations applicable to Centric Software.

    Asset Management

    Centric Software maintains an asset management policy which covers the identification, classification, retention, and disposal of information and assets. Company-issued devices are equipped with full disk encryption, up-to-date antivirus software, and endpoint intrusion prevention and detection systems. Only company-issued devices are permitted to access corporate and production networks.

    Incident Management

    Centric Software maintains a security incident response process that covers the initial response, investigation, notification to customers and/or individuals (as may be required), public communication, and remediation. This process is reviewed regularly and tested bi-annually.

    Breach Notification

    Despite best efforts, no method of transmission over the internet and no method of electronic storage is perfectly secure. We cannot guarantee absolute security. However, if Centric Software learns of an actual security breach, we will notify affected users as required by law or otherwise so that they can take appropriate protective steps. Our breach notification procedures are consistent with our obligations under applicable country level, state and federal laws and regulations.

    Business Continuity Management

    Backups are encrypted and stored in a secondary environment to preserve their confidentiality and integrity. Centric Software employs a backup strategy that minimizes downtime and data loss in order to meet its recovery time objective (RTO) and recovery point objective (RPO). The Business Continuity Plan (BCP) is tested and updated on a regular basis to ensure its effectiveness in the event of a disaster.

    Logging and Monitoring

    Application and infrastructure systems log information to a centrally managed log repository for troubleshooting, security reviews, and analysis by authorized Centric Software personnel. Logs are preserved in accordance with regulatory requirements.

    Application Secure Release Criteria

    • Dependency checks of all third-party code libraries for publicly disclosed vulnerabilities and unsupported versions.
    • Static Application Security Testing (SAST), where testers have access to the underlying framework, design and implementation. The application is tested from the inside out.
    • Dynamic Application Security Testing (DAST), where the tester has no knowledge of the technologies or frameworks the application is built on. The application is tested from the outside in.
    • Peer code reviews conducted by senior members of the development team to ensure internal standards are met.
    • External penetration testing to ensure no critical, high or medium vulnerabilities exist in the application or the platform it’s hosted on.
    • Regulatory compliance checks to meet applicable standards and ensure adherence to data privacy and protection laws.

    Frequently asked questions

    Can I get more information regarding security and compliance?

    If you have further questions regarding security and compliance, please use the forms on our Contact Us page to get in touch. For any legal enquiries, please contact legal@centricsoftware.com.

    How do I report potential vulnerabilities?

    Existing Centric Software customers are expected to use the support portal to report any issues with any product or service. Security researchers who wish to share suspected vulnerabilities privately may contact the Centric Software security team directly at security@centricsoftware.com. To make your report useful and to help our teams evaluate the suspected vulnerability, each report should ideally include a detailed description, the perceived risk, the targeted scope and its level, a proof of concept (POC) and any supporting materials.
