CLDigital Security

At CLDigital, security is not an afterthought—it’s foundational. Our corporate and platform security programs are designed to protect the confidentiality, integrity, and availability of both CLDigital’s internal assets and customer data. We apply a risk-based, defense-in-depth approach that spans administrative, physical, and technical controls, aligned with globally recognized standards.

CLDigital safeguards data at every stage—in transit, at rest, and in use—through enterprise-grade encryption and access controls.

• Data in transit is protected using TLS 1.2+ protocols across all layers of the CL360 stack
• Data at rest is encrypted using industry-standard AES-256 encryption within Oracle Cloud Infrastructure (OCI)
• Built-in support for secure API communications, single sign-on (SSO), and customer-managed keys (optional for dedicated tenants)

Access to the CL360 environment is tightly governed through role-based access controls (RBAC), strong authentication policies, and automated provisioning workflows.

• All production access is restricted to authorized personnel based on least privilege and need-to-know
• Administrative access is controlled through multi-factor authentication (MFA) and regular audit logging
• Change management is enforced via CLDigital’s Security and Change Management Policies, ensuring traceability and control

CLDigital operates in multi-region, multi-availability zone (multi-AZ) Oracle Cloud environments with advanced perimeter and internal network protections.

• OCI’s isolated network architecture and microsegmentation protect traffic at every layer
• Intrusion Detection and Prevention Systems (IDPS) monitor for anomalous traffic and potential threats
• Regular vulnerability scanning and patch management cycles ensure continuous hardening of the environment

CLDigital aligns its controls with industry-recognized standards including:

• ISO/IEC 27001 and ISO/IEC 27002
• NIST SP 800-53 and FedRAMP Moderate Baseline (for deployments on Oracle FedRAMP)
• Support for customer-specific audit requests and compliance reporting, including SOC 2 and GDPR readiness

CL360 is built for availability under stress. Our platform is hosted on Oracle Cloud Infrastructure, designed for high-availability, fault tolerance, and resilience.

• Production environments include full infrastructure redundancy, power backups, and continuous monitoring
• Daily data backups are encrypted and replicated across availability zones
• Recovery Time Objective (RTO): 4 hours from the declaration of a disaster
• Recovery Point Objective (RPO): 15 minutes (excluding in-flight data at the time of failure)

CLDigital maintains a target system availability of 99.95%, measured monthly per customer environment. Service health, uptime, and issue tracking are continuously monitored, with proactive alerts and incident response protocols in place.