
Industry-Leading Security


CloudRadial takes your security and your clients’ data very seriously. We provide regional application and data hosting in the United States, Canada, Europe and Australia to improve performance, security, and compliance.

Microsoft Ready: CloudRadial fully supports the mandatory Microsoft GDAP (Granular Delegated Admin Privileges) and Partner security requirements.

Security and compliance are key features of the CloudRadial platform.

Security is built into our foundations and into our efforts to help our partners use CloudRadial to engage their clients in a collaborative approach that improves security and compliance for those clients as well.

From the beginning, CloudRadial has provided secure passwordless client access based on a two-factor approach. We implemented innovative features such as report archives, support PINs, and security reporting that put these critical issues at the forefront of client engagement.

Throughout, CloudRadial has been committed to maintaining the highest standards of security, availability, processing integrity, confidentiality, and privacy. These five principles are the Trust Services Criteria at the core of a SOC 2 (Service Organization Control 2) report, a widely recognized standard for evaluating a service provider's information security controls. Here’s how we approach each of these principles:

Security

We take security very seriously and implement various technical and administrative controls to protect our systems and data. Security is designed for every level of our organization.

Hiring

  • We conduct thorough background checks for new employees.

  • We require acceptance of strict non-disclosure and confidentiality agreements.

  • We mandate security awareness training.

Software Development

  • We design our software with security in mind, considering potential threats and vulnerabilities before and during development.

  • We develop using only continuously updated industry-standard platforms committed to security, such as .NET Core and Angular, and routinely update these platforms to stay current with the latest security capabilities provided.

  • We conduct component and vendor evaluations to ensure they meet security and privacy standards.

  • We develop only on company-owned, encrypted, and MFA-protected devices.

  • We conduct peer code reviews to verify every change before it is merged.

  • We regularly conduct penetration testing. Download the initial Executive Report. Identified issues are being remediated.

  • We conduct regular code vulnerability scanning. 

  • We utilize development staff located only in the U.S. and Canada, where we are assured that national laws support our agreements.

Software Deployment

  • We restrict access to production systems and data based on the need for access.

  • We utilize separate and MFA-protected developer accounts.

  • We issue regular product updates to address security issues.

Software Hosting

  • We host all our software and data in Microsoft Azure datacenters to leverage Microsoft’s certified (SOC 1, SOC 2 Type II, ISO 27001, ISO 9001) hosting environment. https://azure.microsoft.com/en-us/explore/trusted-cloud/compliance/

  • We utilize private virtual networking to protect key systems from public access.

  • Where possible, we utilize Azure AD (now Microsoft Entra ID) based access control to eliminate the requirement for passwords to key systems.

  • We store our partners’ sensitive passwords in a separate, encrypted store that requires elevated access.

  • We provide data isolation between partner tenants.

  • We provide 30-day point-in-time data recovery and provide options for long-term data backup.

  • We track user-generated activity inside partner tenants and provide those audit logs to partners for review.

  • We encrypt data in transit and at rest.

  • We allow only HTTPS (TLS) connections to our websites; plain HTTP is not served.

  • We require a minimum of TLS 1.2 for connections; older protocol versions are rejected.

  • We provide IP address allow lists (whitelists) so that access to self-hosted systems can be restricted to known addresses.

  • We conduct regular intrusion (penetration) testing of the hosted environment to check for known vulnerabilities. Download the latest Executive Report.
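As an added illustration of the two transport requirements above (HTTPS only, TLS 1.2 or newer), the following ASP.NET Core host pins the accepted TLS versions, enables HSTS, and redirects any plain-HTTP request to HTTPS. This is example code written for this page, not CloudRadial's own code or configuration; the HTTPS port (443), the HSTS max-age and the subdomain setting are assumptions chosen for the example.

```csharp
// Added example, not CloudRadial's code: a minimal ASP.NET Core (.NET 6+) host
// that accepts only HTTPS and only TLS 1.2 or newer.
using System;
using System.Security.Authentication;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;

var builder = WebApplication.CreateBuilder(args);

// Weak setting: leaving SslProtocols at its default (SslProtocols.None)
// delegates the choice to the operating system, which on older hosts can
// still negotiate TLS 1.0 or 1.1. Pin the allowed versions explicitly.
builder.WebHost.ConfigureKestrel(kestrel =>
{
    kestrel.ConfigureHttpsDefaults(https =>
    {
        https.SslProtocols = SslProtocols.Tls12 | SslProtocols.Tls13;
    });
});

// HSTS tells browsers to refuse plain HTTP for this host on future visits.
// The max-age and subdomain values are assumptions for this example.
builder.Services.AddHsts(options =>
{
    options.MaxAge = TimeSpan.FromDays(365);
    options.IncludeSubDomains = true;
});

// Any request that does arrive over HTTP is redirected to HTTPS on port 443
// (assumed) with a 308, which preserves the original method and body.
builder.Services.AddHttpsRedirection(options =>
{
    options.RedirectStatusCode = StatusCodes.Status308PermanentRedirect;
    options.HttpsPort = 443;
});

var app = builder.Build();

// HSTS is skipped in Development so a local http://localhost setup keeps working.
if (!app.Environment.IsDevelopment())
{
    app.UseHsts();
}
app.UseHttpsRedirection();

app.MapGet("/", () => "ok");
app.Run();
```

To check a deployment from the outside, `openssl s_client -tls1_1 -connect host:443` should fail the handshake while `openssl s_client -tls1_2 -connect host:443` succeeds, and `curl -I http://host/` should return a 308 pointing at the https:// URL rather than content.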

Availability

We have implemented many mechanisms to ensure that our systems are up and running at all times and fully scalable as partner needs grow.

Software Hosting

  • We deploy multiple web servers in a load-balanced configuration so that the failure of any single server does not take the service down.

  • We use health checks to detect and automatically remediate server issues.

  • We use database compute isolation to ensure maximum data throughput.

  • We run high-impact database jobs during partner overnight hours.

  • We provide a status site for communicating issues and outages. https://status.cloudradial.com

Processing Integrity

We ensure that our system processes data accurately and completely, and we have implemented measures to prevent data loss, corruption, or unauthorized modification.

Software Management

  • We use automated development and deployment pipelines to ensure the repeatability of releases.

  • We are incorporating an increasing number of automated testing processes into our development pipelines.

  • We constantly monitor website uptime and are automatically alerted to system outages.

  • We log application performance and regularly review for issues and improvements.

  • We offer an after-hours and emergency escalation process for critical problems that do not amount to a full system outage.

Confidentiality

We take confidentiality very seriously and have implemented measures to protect our customers’ data from unauthorized access.

Access Management

  • We restrict access to your CloudRadial tenant on a least-privilege basis.

  • We log access by our staff whenever they access your tenant.

  • We require strict confidentiality agreements.

  • We only employ people in countries where our confidentiality agreements are enforceable.

Privacy

We are committed to protecting our customers’ privacy and have implemented measures to ensure that our system complies with privacy regulations such as HIPAA, GDPR, and CCPA. This includes ensuring that our system is designed to collect and process data in a privacy-aware manner and that we are transparent about our data practices.

Privacy Management

  • We host partner data in four separate geographic areas to resolve data residency issues for the United States, Canada, Australia, and the European Union/United Kingdom. For information on EU data residency, please see this link. In the event that the UK's data adequacy no longer meets EU requirements, we will relocate client data to meet the necessary requirements.

  • We clearly define our privacy policy at https://www.cloudradial.com/privacy.

  • We clearly define our terms of service at https://www.cloudradial.com/terms.

  • We include a HIPAA Business Associates Agreement as part of our terms of service for affected partners.

  • We include a GDPR Data Processing Agreement as part of our terms of service for affected partners.

  • We have appointed a Data Protection Officer (DPO) to ensure we comply with GDPR and to act as a point of contact for data subjects and supervisory authorities.

  • We have procedures for incident response and breach notification if required.

Continual Improvement

Best practices for security and compliance are constantly evolving, and CloudRadial is always learning from our partners, our integration partners, experts, and the industry on ways to improve our internal practices and product features.

Improvement Feedback

  • We hold regularly scheduled internal meetings on security and ways to improve security.

  • We participate in regular meetings with partners to gain feedback and suggestions for our security roadmap.

  • We actively solicit feature suggestions.

Effective: December 1, 2023