Table of Contents

  1. Information Security Team
  2. Information Security Governance, Risk, and Compliance Program
  3. Infrastructure and Data Centers
  4. Encryption
  5. Security Audits
  6. Access Control
  7. Security Incident Monitoring, Management and Reporting
  8. Data Privacy
  9. Penetration Testing and Vulnerability Scanning
  10. Security Updates
  11. Personnel Security
  12. Product Security
  13. Backup

1. Information Security team

The Information Security team is accountable for enhancing, operating, and continually refining Clario’s information security to uphold the availability, confidentiality, and integrity of its data. Leading this effort is our Chief Information Security Officer (CISO), who holds a crucial role in shaping Clario’s security strategy. Collaborating with the CISO are dedicated and resolute teams within specialized domains, each headed by key leaders. Under the CISO’s guidance, the Information Security function receives additional sponsorship from the Chief Information and Technology Officer (CITO), offering robust support and oversight.

2. Information Security Governance, Risk, and Compliance Program

Clario has an Information Security Technology Governance, Risk, and Compliance (GRC) Program that establishes a comprehensive governance structure, manages risk, and ensures compliance with regulatory and industry standards.

As of February 2024, Clario has achieved both the ISO 27001:2022 certification and SOC 2 Type II attestation.

ISO/IEC 27001:2022 is a globally recognized standard that lays out the framework for an Information Security Management System (ISMS). ISO 27001:2022 is designed to ensure the confidentiality, integrity, and availability of information assets, as well as manage the associated risks. Achieving ISO/IEC 27001:2022 certification involves a comprehensive evaluation of our security practices and policies, followed by meticulous audits by an independent expert.

What this means for you:

The ISO/IEC 27001:2022 certification underscores our dedication to securing your data and maintaining the trust you place in us. Our commitment to ISO 27001:2022 demonstrates our proactive approach to identifying and mitigating security risks that could affect your information.

Service Organization Control 2 (SOC 2 Type II) compliance is an evaluation of our controls over the security and availability of customer data. The SOC 2 report is a testament to our commitment to providing secure and reliable services to our clients.

Our SOC 2 compliance assures you that the security controls we have in place have been rigorously assessed and meet the highest industry standards.

We understand that transparency is key. SOC 2 compliance enables you to make informed decisions about entrusting us with your valuable data.

3. Infrastructure and data centers

Clario’s products are hosted with some of the largest data center and cloud hosting providers. Access to these data centers is strictly controlled and monitored 24x7x365 by onsite security staff, biometric scanning, and video surveillance. Our hosting service providers and data center vendors maintain multiple certifications for their data centers, including ISO 27001:2022, PCI DSS, Cloud Security Alliance Controls, and SOC reports. Formal audits of each of our infrastructure providers are undertaken. Clario uses a combination of clustering, load-balancing, and replication to ensure there are no single points of failure in the system.

4. Encryption

Clario employs strong encryption protocols to secure data during transmission and storage. Our encryption methods ensure that sensitive information remains confidential and protected from unauthorized access. Customer data is isolated and maintained separately from corporate data, requiring additional authentication and authorization to access.

5. Security audits

Clario performs internal assessments and also engages third-party security experts to perform assessments and audits of our systems. This ensures an unbiased evaluation of our security measures and helps us identify areas for improvement.

6. Access control

Clario uses access control mechanisms to restrict access to accounts and data to authorized personnel only. Multi-factor authentication adds an extra layer of security beyond passwords to prevent unauthorized account access.

7. Security incident monitoring, management and reporting

Clario has 24x7x365 security monitoring and an incident management and reporting process in place that enables unified security monitoring and protection across our environments. Our Security Information and Event Management (SIEM) platform uses a centralized logging system which ingests logs from across our infrastructure including network sensors, network appliances, servers, devices, and email. In the event of a security incident, we have established incident response procedures to minimize the impact and quickly restore normal operations. Our team is well-prepared to oversee incidents and communicate transparently with our stakeholders if necessary. Clario tests the effectiveness of incident response procedures through activities such as table-top exercises.

8. Data privacy

Clario adheres to applicable data protection regulations to safeguard personal data. For more information about our Data Privacy Program, visit our Legal and Privacy page.

9. Penetration testing and vulnerability scanning

Clario conducts regular vulnerability scans across the network. Additionally, we perform penetration testing through a combination of our in-house security team and qualified third-party penetration testers no less than annually.

10. Security updates

Our team works proactively to address any potential threats and enhance our security measures. As part of Clario’s overall Information Security Program, we have created a formal Patch Management Policy that is approved by management and communicated to the appropriate support teams. We regularly update our systems, software, and applications to patch any known security vulnerabilities. This proactive approach helps us stay ahead of potential threats.

11. Personnel security

Clario has created a culture where security is everyone’s responsibility, and all employees are encouraged to help secure our data and assets. Our employees go through background screening prior to onboarding. Additionally, all Clario employees undergo regular security and privacy awareness trainings and exercises. Phishing tests are administered quarterly.

12. Product security

Security is an integral part of our products at Clario. Product security is built into every facet of the Software Development Lifecycle, from design to operationalization. Vulnerabilities are discovered and remediated through diligent design reviews, automated and manual testing, establishing robust metrics and baselines, driving continuous improvement, and ensuring secure policies through governance.

13. Backup

Clario runs scheduled backups of files, databases, configurations, and servers, consisting of incremental, differential, and full backups. Backups are encrypted and are stored offsite in a separate physical location. Complete media recovery tests are performed periodically from a randomly selected offsite backup. A formal network-wide Disaster Recovery Plan (DRP) is in place.

Get the answers you need

Clario maintains up-to-date security documentation, certifications, and answers to commonly asked questions.