CLDigital Security

Corporate Objectives

CLDigital’s Corporate Security Program is designed to protect the confidentiality, integrity, and availability of both CLDigital corporate information assets and customer data. These controls, grouped into administrative, physical, and technical controls, are guided by industry standards and are deployed across the corporate infrastructure using a risk-based approach.

Data Security

CLDigital offers several standard encryption technologies and options to protect data while in transit or at rest. For network transmission, CLDigital uses secured protocols (such as TLS) to protect data in transit over public networks; this protection is implemented and configured at every level of the CL360 services stack. CLDigital enforces strong password policies on infrastructure and CL360 management systems used to operate the CL360 environment.

Access Control

Access to CL360 systems is restricted to authorized personnel. CLDigital enforces strong password policies on infrastructure and CL360 management systems used to operate the CL360 environment. CLDigital performs security-related change management and maintenance as defined in the Change Management Policy.

Network Communications

CLDigital’s IBM Cloud data centers contain isolated networks used to deliver CL360 services to CLDigital customers. Networking technologies are deployed in a layered approach designed to protect Customer data at the physical, data link, network, transport, and program level. CL360 services utilize Network Intrusion Detection Systems (nIDS) to protect the environment. CL360 services utilize network vulnerability assessment tools to identify security threats and vulnerabilities.

Regulatory Compliance

CLDigital CL360 services operate under Policies that are aligned with the ISO/IEC 27002 Code of Practice for Information security controls, from which a comprehensive set of controls is selected, as described by ISO/IEC 27001.

Resilience

For continuity in the event of an incident affecting CL360 services, CLDigital deploys the services on resilient computing infrastructure. CLDigital’s production data centers have component and power redundancy with backup generators in place to help maintain availability of data center resources in the event of a crisis. In support of CLDigital’s Disaster Recovery practices, CLDigital periodically makes backups of production data in Customer’s CL360 instance. The Recovery Time Objective (RTO) is 4 hours from the declaration of a disaster. The Recovery Point Objective (RPO) is 5 minutes from the occurrence of a disaster, excluding any data loads that may be underway when the disaster occurs.

Service Levels

CLDigital works to meet a Target System Availability Level of 99.95% of the production service, for the measurement period of one calendar month, commencing at CLDigital’s activation of the production environment.