Security is a shared responsibility between the service provider and the customer. At ClearPoint Strategy, we understand the critical importance of safeguarding your data, which is why we have implemented a shared security model that delineates the responsibilities of both parties.
This model covers the security measures that ClearPoint Strategy implements as the service provider and those that customers are responsible for, which together ensure the overall security of the application and data.
In this support article, we will explain the shared security model, delineating the responsibilities of ClearPoint Strategy, the customer, and Amazon Web Services (AWS), our cloud service provider.
ClearPoint Strategy Responsibilities
ClearPoint Strategy is responsible for the security of the application and the underlying infrastructure. Here are the key security measures that we have implemented:
SOC 2 Type II Certification: ClearPoint Strategy is SOC 2 Type II certified, which means that we have undergone a thorough audit by a third-party organization to verify our security controls and practices.
Application Security: We have implemented various application security measures such as input validation, secure coding practices, and regular security testing to identify and fix potential vulnerabilities.
Access Controls: We have implemented strict access controls to ensure that only authorized personnel have access to sensitive data and systems.
Data Encryption: Data stored in the ClearPoint Strategy application is encrypted at rest and in transit.
Regular Security Audits: We conduct regular security audits to identify and address potential security risks.
Customer Responsibilities
As a customer, you are responsible for the security of your data and for controlling access to the application. Here are the key security measures that you should implement:
Authentication: Use OpenID Connect (OIDC) or configure SAML connections for authentication. Ensure that passwords are strong and unique, and enable multi-factor authentication (MFA) wherever possible.
Access Control: Ensure that only the correct people have access to the application. Regularly review and update the list of users who have access to the application.
Password Complexity Rules: Implement password complexity rules to ensure that users create strong passwords.
IP Address Restrictions: Implement IP address restrictions so that the application can be accessed only from specific locations.
Regularly Review Audit Logs: Regularly review the audit logs to identify any suspicious activities or access patterns.
Amazon Web Services (AWS) Responsibilities
ClearPoint Strategy hosts its application on AWS, which provides a robust and comprehensive security infrastructure. AWS is responsible for the security of the underlying cloud infrastructure, including physical security, network security, and data security. AWS complies with various industry standards and certifications such as ISO 27001, SOC 1/2/3, and PCI DSS.
Conclusion
Security is a shared responsibility between ClearPoint Strategy, the customer, and AWS. By delineating the responsibilities of each party and implementing robust security measures at each level, we can create a secure environment for data storage and processing.