Information Security Policy

We are unwavering in our commitment to protecting our information systems from unauthorized access, use, disclosure, destruction, modification, disruption, or distribution. This is essential to maintaining the trust of our clients through the preservation of confidentiality, integrity, and availability. The executive team is responsible for ensuring that all business, legal, regulatory, and contractual security obligations are fulfilled. The IT administration team is charged with establishing and maintaining a secure system and provides training to ensure that all employees understand their role in maintaining security. We also prioritize vulnerability management, including the regular updating of outdated systems. Each employee has a personal responsibility to report any security concerns or issues to the IT administration team. Subcontractors hired for specific functions are held to the same high security standards.

As part of our commitment to continuous improvement, we regularly monitor and report on the effectiveness of our information security management system, in line with the ISO 27001:2022 standard.

Secure data transportation

We use multiple layers of security to ensure that the data is transferred safely and securely. We use TLS (Transport Layer Security) over HTTPS (Hypertext Transfer Protocol Secure) to establish a secure connection and encrypt the data being transmitted. We also verify the identity of the destination server using a digital certificate to ensure that the data is being sent to the intended recipient. In addition, we have implemented strict access controls and follow secure disposal procedures to further protect our clients' data. We are committed to providing the highest level of security and peace of mind for our clients.

Our commitment to code quality

We are dedicated to delivering software of the highest quality to our customers. We understand that code quality is crucial to the success of our products and the satisfaction of our users. To achieve this, we follow industry best practices for code development and testing, and we have implemented a thorough code review process to ensure that all of our code meets our high standards. We also prioritize continuously improving our codebase and fixing any issues that may arise as quickly as possible. By making a commitment to code quality, we aim to provide our customers with the best possible software experience.

Security Audits

To ensure that we are meeting the highest security standards, we regularly order security audits from independent cybersecurity experts. These audits allow us to identify any potential vulnerabilities or weaknesses in our systems and implement necessary measures to address them. By conducting regular security audits, we can stay ahead of potential threats and continue to provide a secure and reliable service to our clients. For detailed security reports, contact our Technical Support Team.

Source Code Escrow

We understand that our clients may have concerns about the security and availability of their code in the event that something were to happen to our company. To address these concerns, we offer code escrow as an optional service for an additional fee. With code escrow, our clients can rest assured that their code will be securely stored and made available to them in the event of any unforeseen circumstances. This service provides an extra level of protection and peace of mind for our clients.

Client Data Segregation

One important aspect of our security strategy is the segregation of client data. We use a variety of techniques to accomplish this, including the assignment of a single Virtual Private Cloud (VPC) per client. By assigning each client their own VPC, we are able to create a secure and isolated environment for their data. Each VPC is configured with its own set of security rules, including firewalls, access controls, and network segmentation. This allows us to restrict access to the client's data to only authorized personnel and systems. Additionally, we use encryption both at rest and in transit to protect the data while it is stored and transmitted. We also implement the principle of least privilege, ensuring that users and systems only have access to the data and resources that they need to perform their tasks. We use role-based access controls and multi-factor authentication to further secure access to client data. We also conduct regular security assessments, vulnerability scans and penetration testing to identify and remediate any potential security vulnerabilities.

Contact Us

If you have any questions about this Information Security Policy, please feel free to contact us.

Registered Office:
Cumulus9 Limited
30 St. Mary Axe
London EC3A 8BF
United Kingdom

Cumulus9 Limited is a company registered in England and Wales with company number 13607450.