Data Center Security

• 24/7/365 video surveillance monitoring throughout facility and perimeter
• Staffed and monitored entry barriers
• Computing equipment housed and secured in steel cages
• Facility wide security and alarm systems
• Maintenance of access, audit, video and security logs in compliance with all regulatory guidelines

Server Security & Encryption

• Claritysoft utilizes network firewall, intrusion detection software, and required VPN connections to ensure only Claritysoft employees can access our servers.
• Claritysoft utilizes 128-bit encryption to protect data in transit. Each database and all transactions are encrypted.
• Claritysoft provides logical level data separation using access restricted dedicated databases in a multi-tenant environment.
• Claritysoft regularly performs penetration testing in monthly intervals. Examples include cross site scripting, SQL injection, and backdoors.
• Claritysoft does not allow server access to any third-party companies.
• All passwords are stored as salt values.

Internal Controls

• Keeping systems safe is of the utmost importance at Claritysoft. We have strict internal policies and processes to protect our assets, and to limit access to sensitive systems and infrastructure to key staff on a as needed basis.
• Each new employee goes through detailed training on Claritysoft’s privacy and security standards. This is to ensure that all employees fully understand our commitment to ensuring the highest privacy and security standards.
• Claritysoft consistently reviews and audits internal user permissions for account use and access levels in order to maintain our strict internal security standards.

System Access & Security

• Single-Tenancy Database

  A hybrid system model where one application is used for all customers, but each customer gets their own database for increased information security, data privacy, integration, flexibility, and customization.

• Profile-based security

  Profile-based security to restrict system access including record visibility and the availability of specific features.

• Profile Based Screen Layouts

  Profile-based screen layouts to alter the screen layout and visible fields for each security profile.

• Two-Factor Authentication

  An additional layer of security beyond username and password to prevent unauthorized access.

• Strong Passwords

  Control password strength by incorporating unique requirements.

• 2 Hour Session Lock

  Inactive users will be automatically signed out of the system after two hours of inactivity.

System Updates

• All scheduled system updates occur after business hours, typically on the weekend.
• When system updates are published, user access will be unavailable for three to five minutes.

Backup and Availability

• All data is backed up nightly (ET).
• Seven days of restoration points are maintained for all clients.
• Data restoration procedures are spot-checked regularly.
• Data is securely destroyed when retired.