CMap is ISO/IEC 27001 compliant, which means we adhere to the international standard on information security management
ISO 27001 protects the availability, confidentiality and integrity of your data through risk assessment & risk mitigation
Certifications
BSI - ISO 27001 Certified
Cyber Essentials - Certificate of Assurance
Cyber Essentials Plus - Certificate of Assurance
Our objective is to provide our clients with cloud-based software that increases their profitability & efficiency. That’s why we process your supplied personal information to provide you with the most appropriate and relevant marketing, information, services and products
This means we’ll only process your data where it’s necessary for the purposes of legitimate interest. We strictly adhere to data protection laws and utilise annual reviews to ensure we’re consistently compliant. We also employ regular external audits, with annual penetration tests, and follow the ICO Accountability Framework.
We perform regular tests and assessments to ensure the quality of our product, following the core Kanban principles and practices. This includes unit testing, automation testing, user acceptance testing, alpha/beta testing, and manual testing
We also incorporate business analysis planning into our practices, using agile methodology and the continuous delivery approach to constantly test and qualify the quality of our product
We only retain data for as long as required. Our client data is deleted 30 days after the contract expiry date. If you no longer work at an organisation where you received marketing communications from us, we delete all of your personal data associated with that company as soon as we’re notified you’ve left that business
Your data is surfaced via multiple front-end web servers. Our Azure SQL server is replicated to three different databases across two different locations. Our North Europe data centre is located in Amsterdam (Netherlands) and our West Europe data centre is located in Dublin (Ireland)
Our business continuity plans are tested quarterly on a set schedule. They are updated after each test, and also reviewed as a whole on an annual basis
All of our offices have strict security measures in place, including alarms and locked sensitive areas, as well as a clear desk & screen policy. Our offices also require key card access, which is managed by the front desk
All of our employees undergo regular information security & GDPR awareness training provided by KnowBe4, as well as team technology training provided by Pluralsight. All staff are also DBS checked, have NDAs in their contracts, and have individual personal development plans
CMap uses Microsoft Hosting (Azure), and we utilise a risk-based approach to auditing suppliers, working in collaboration to improve information security
We take a risk-based approach to information security, using a defined methodology to identify assets and their subsequent threats & vulnerabilities. To help prioritise our risks, we score each identified risk with a risk/likelihood matrix. Our risk assessments are carried out annually, or upon a significant change
All data is encrypted both in transit (SSL 2048bit) and at rest (Azure SQL and BLOB storage)
All of our developers follow OWASP (Open Web Application Security Project), and code is reviewed, inspected & tested with SonarCloud. The software development lifecycle also uses the security-by-design approach, with security built in from the beginning
Our developers’ tech stack includes a Microsoft suite (Visual Studio, DevOps, SQL Enterprise Manager), Azure SQL, C#, MVC, .NET Core, JavaScript, and REST API
CMap offers a range of in-app security features, including SSL, SSO, security groups, admin tools, reporting, and TLS settings (API)
We also offer privacy & GDPR features including reporting, custom fields, complete contact deletion, audits on date created, and ‘do not contact’ options