Security Statement
Keeping our customers, partners and employees safe and secure is our top priority.
We enact this through a wide program of security activities, including:
- Embracing best of breed cloud technologies, primarily in Microsoft Azure
- Using a range of security centric tools, technology and architecture, from pen testing, code analysis, application firewalls, subnets, VPNs, comms and storage encryption, MFA, robust access policies, and more.
- Hiring highly-experienced and skilled people who both understand and respect security
- Vetting all personnel to a minimum of BPSS standard (or international equivalent)
- Keeping our local devices secure using advanced endpoint management technologies
- Ensuring all our team members undertake monthly security training
- Segregating our production and non-production environments and operating all systems using the principle of least privilege
- Having dedicated security personnel and teams
- Undertaking regular internal and external audits and having a company-wide philosophy of continuous improvement
- Adhering to industry best practices and standards, such as ISO27001
- Being transparent about how and where we store data
- Adopting a security-by-design ethos of never storing data we don’t need, or increasing risk exposure without absolutely justifiable cause – thus minimising security threats by simply not having the risk in the first place.
Vulnerability Disclosure Policy
We take the security of our software and services very seriously. If you have a security concern or wish to report a vulnerability, please contact support@iamcloud.com. Your case will be provided to our Security team for investigation and follow-up.
We ask that you supply:
- A description of the issue
- Steps to reproduce
- Version impacted
- Supporting details such as screenshots, logs or POC code
Once received, we will validate the issue before taking steps to remediate. Summary detail on fixes will be published as part of our version Release Notes. You will be individually informed of progress via our Support team.
ISO27001
ISO27001 is a globally recognised Information Security Management System (ISMS) standard. IAM Cloud originally obtained ISO certification back in 2016 and are proud to have retained certification for compliance with ISO/IEC 27001:2013 ever since. Our current certificate is available for download here.
Product security
Cloud Drive Mapper’s product specification including a range of aspects surrounding its security and compliance with data protection regulations, are covered on the CDM knowledge base: https://cdm.iamcloud.info
For any further product or product security questions, please contact our sales team at sales@iamcloud.com