Data & Security

At CMap Software, we’re committed to keeping your data safe & secure That’s why we use a security-by-design approach, using rigorous assessments and adhering to best practices to give you peace of mind

Accreditations

CMap is ISO/IEC 27001 compliant, which means we adhere to the international standard on information security management

ISO27001 protects the availability, confidentiality and integrity of your data through risk assessment & risk mitigation

Certifications

BSI - ISO 27001 Certified

Cyber essentials - Certified of Assurance
Cyber essentials plus - Certified of Assurance

We work to 3 core principles of information security

Availability

We have a clear data redundancy process to keep your network in service in the event of failure ensuring minimal downtime and seamless business continuity.

Confidentiality

Our employees all undergo comprehensive data privacy training, with supply chain management & a clear data retention policy

Integrity

We have crucial data backups in place, protecting sensitive data with encryption, & comprehensive staff training to keep your information secure

GDPR & Compliance

Our objective is to provide our clients with cloud-based software that increases their profitability & efficiency. That’s why we process your supplied personal information to provide you with the most appropriate and relevant marketing, information, services and products

This means we’ll only process your data where it’s necessary for the purposes of legitimate interest. We strictly adhere to data protection laws and utilise annual reviews to ensure we’re consistently compliant. We also employ regular external audits, with annual penetration tests and follow the ICO Accountability Framework.

Quality

We perform regular tests and assessments to ensure the quality of our product, following the core Kanban principles
and practices. This includes unit testing, automation testing, user acceptance testing, alpha/beta testing, and manual testing

We also incorporate business analysis planning into our practices, using agile methodology and the continuous delivery approach to constantly test and qualify the quality of our product

FAQs

How and where is my data stored?

We only retain data for as long as required. Our client data is deleted 30 days after the contract expiry date. If you no longer work at an organisation where you received marketing communications from us, we delete all of your personal data associated with that company as soon as we’re notified you’ve left that business

Your data is surfaced via multiple front-end web servers. Our Azure SQL server is replicated to three different databases across two different locations. Our North Europe data centre is located in Amsterdam (Netherlands) and our West Europe data centre is located in Dublin (Ireland)

What is your business continuity plan?

Our business continuity plans are tested quarterly on a set schedule. They are updated after each test, and also reviewed as a whole on an annual basis

What physical security measures do you have in place?

All of our offices have strict security measures in place, including alarms and locked sensitive areas, as well as a clear desk & screen policy. Our offices also require key card access, which is managed by the front desk

What security measures do your staff and contractors follow?

All of our employees undergo regular information security & GDPR awareness training provided by KnowBe4, as well as team technology training provided by Pluralsight. All staff are also DBS checked, have NDAs in their contracts, and have individual personal development plans

Who are your key suppliers?

CMap uses Microsoft Hosting (Azure), and we utilise a risk-based approach to auditing suppliers, working in collaboration to improve information security

What risk assessments do you carry out?

We take a risk-based approach to information security, using a defined methodology to identify assets and their subsequent threats & vulnerabilities. To help prioritise our risks, we score each identified risk with a risk/likelihood matrix. Our risk assessments are carried out annually, or upon a significant change

How is my data encrypted?

All data is encrypted both in transit (SSL 2048bit) and at rest (Azure SQL and BLOB storage)

How is CMap's data secured?

All of our developers follow OWASP (Open Web Application Security Project), and code is reviewed, inspected & tested with SonarCloud. The software development lifecycle also uses the security-by-design approach, with security built in from the beginning

What does your development tech stack include?

Our developers’ tech stack includes a Microsoft suite (Visual Studio, DevOps, SQL Enterprise Manager), Azure SQL, C#, MVC, .NET Core, JavaScript, and REST API

What are CMap's in-app security and privacy features?

CMap offers a range of in-app security features, including SSL, SSO, security groups, admin tools, reporting, and TLS settings (API)

We also offer privacy & GDPR features including reporting, custom fields, complete contact deletion, audits on date created, and ‘do not contact’ options