Comprehensive approach to security
Security at CompleteCSM spans hiring practices, software architecture, and data center operations. Our end-to-end security strategy enables us to deliver a world-class service while protecting customer data.
We operate under a shared security responsibility model, which means:
- We’re responsible for the security of the Customer Success Intelligence Cloud service and its underlying infrastructure. We’re also committed to providing you with the security features you need in a predictable and reliable manner.
- Customers configure and maintain their CS Intelligence Cloud settings according to their security posture and user activity.
Below are some of the major controls we leverage to secure our cloud service infrastructure:
Infrastructure and Physical Security
When we selected an infrastructure provider, we drew on our technical team’s experience in developing and operating market-leading cloud services. This enabled us to build in security and availability at every layer, from physical security through to computer, network, and storage. We complement these measures with well-defined security and access policies, and prove our security using ongoing third-party audits and certification.
We protect your data at every point in our infrastructure, including compute, storage, and network transmission.
We ensure that all of our service providers meet our data protection standards. We continuously monitor the health of our service and show customers those metrics via this trust portal.
Our security-focused culture starts at the highest level with a chief security officer who reports directly to the CEO on security issues. It extends throughout the company via a security team that trains employees to watch for attacks. We also support this culture with a policy that limits the amount of employees who have access to production systems. Our security controls govern employees and contractors before, during, and after their time at CompleteCSM. Our security team builds security into our culture by promoting security awareness and testing employees to ensure compliance. We reduce risk by limiting production access to those that need it to do their jobs, while continuing to monitor their access.
Secure Development Lifecycle
We begin building security into our software before we write any line of code. Strict security checkpoints govern every step of our development lifecycle from design through to coding, testing, and deployment. Our internal security team works with independent external security researchers to validate our software security.
Each year, we train our developers in the latest secure programming and code review techniques.
Our software security is regularly reviewed by peers, in-house security researchers, and third-party security assessors.
Our software development lifecycle includes hundreds of tests.
Our coding tools automatically assess software security as they build our web applications. Our internal penetration testing team continually audits source code per OWASP standards to measure source code integrity.
Secure Customer Data
CompleteCSM’s data protection meets the highest industry standards, complying with SOC2 requirements. Our state-of-the-art encryption technology protects customer data both at rest and in transit to the user’s browser, leaving no weak spots for attackers.
We encrypt all customer data at the data field level, ensuring that we protect all of your sensitive information.We protect every customer individually with several unique encryption keys.We protect those encryption keys using GitHub’s industry-tested key management service.
Security and Penetration Tests
We aggressively hunt for bugs in our software, our internal tests work in conjunction with third-party security audits, a public bug bounty program, and a highly-responsive customer bug reporting program. We support a security and penetration testing program .Our public bug bounty program allows anyone to test our system security and report bugs.
Our people make the difference
Our security experts have worked for the world’s leading SaaS companies. We incorporate their research directly into our products in a cycle of continuous improvement.