Security

We're not only proud but also profoundly committed to the highest standards of data security, as evidenced by our SOC 2 certification and CCPA and GDPR certifications. We don't merely see these as milestones, but as testament to our deeply ingrained understanding of how vital security is in the increasingly precarious digital realm. Cyber threats are evolving—both in frequency and complexity—making it more crucial than ever for us to serve as vigilant custodians of your data. It's not just about compliance; it's about embracing best practices and industry-leading measures to unequivocally safeguard sensitive information and sustain operational integrity. In essence, our steadfast dedication to exceptional security measures is something we hold in the highest regard, and we commit ourselves daily to upholding these standards.

How do we stay compliant?

As an organization, we understand the importance of maintaining compliance with security practices and standards. That's why we utilize security and compliance automation platforms to ensure that we remain continuously compliant and adhere to the relevant security protocols.

We have a centralized platform that automates the assessment and monitoring of various security controls and procedures. By integrating with our existing systems and tools, our platforms provide us with a comprehensive view of our security posture, identifying any potential issues and ensuring that we are always up to date with the latest security protocols and industry standards. This gives us the confidence that we are following industry best practices and that we are providing a secure environment for our customers and stakeholders.

Security Policies

Written information security policies and procedures ensure that the company has documented and tested controls in place to protect customer data and respond to security incidents effectively.

Pentesting

Regular vulnerability and penetration testing help to identify and address potential security weaknesses before they can be exploited by attackers. Commonbase undergoes an external penetration test of our web application annually by a third party to identify any security vulnerabilities we may have. This allows us to raise these issues internally and remediate them immediately, and an official report is then issued to Commonbase confirming that the issues found have been fixed. We also conduct regular internal penetration tests and employ automated vulnerability scanning of our code and its dependencies.

Encryption

Encryption of sensitive data helps to ensure that the data cannot be accessed or read by unauthorized parties. Having our database encrypted allows customers to feel safe when using our product as it safeguards data when in transit or at rest.

Multi-factor Authentication

Multi-factor authentication helps to prevent unauthorized access to the company's systems, which can help to protect customer data from theft or tampering.

Secure Development Practices

All changes to our codebase are protected with branch protection. To push a code change to production, the change must be approved by another engineer, and it must pass a number of automated tests, including checks for security issues introduced by the code or its dependencies, end-to-end testing and more. This way, our secure review process prevents bad actors, whether internal or external to Commonbase, from pushing malicious code.

Monitoring

Ongoing monitoring of system access logs and network traffic helps to detect and respond to potential security incidents, reducing the likelihood of customer data being compromised.

Access Controls

Access controls and background checks for employees, third-party vendors and service providers help to ensure that they are trustworthy and can be relied upon to handle customer data securely. Background checks are performed on all new hires as a way for Commonbase to establish confidence in the employees we choose to hire. Additionally, granting access to an application only to those who need it is important in staying compliant. Every quarter we review application access and access levels for all employees to make sure they only have access to the applications required to perform their job role.

Vulnerability Disclosure

At Commonbase, we consider the security of our systems a top priority. But no matter how much effort we put into system security, there can still be vulnerabilities present.

If you discover a vulnerability, we would like to know about it so we can take steps to address it as quickly as possible. We would like to ask you to help us better protect our clients and our systems.

We reserve the right to designate any reported vulnerability as out of scope.

Reporting a vulnerability

You can report vulnerabilities by email to [email protected]. Once we have received your email, there may be a delay in getting back to you whilst our team triages the issue.

Please provide sufficient information to reproduce the problem, so we will be able to resolve it as quickly as possible. Usually, the IP address or the URL of the affected system and a description of the vulnerability will be sufficient, but complex vulnerabilities may require further explanation.
