Security at CloudM

CloudM is proud to be Cyber Essentials certified, a certification which is renewed annually. 

The National Cyber Security Centre (NCSC) is a UK government organization set up to provide practical guidance to large organizations, SMBs and the general public to nurture the UK’s cyber security capability. 

The Cyber Essentials scheme was introduced as a way for companies to gain a clear picture of the cybersecurity measures they or their suppliers have in place. While participation in the Cyber Essentials scheme is voluntary, doing so shows an organization’s commitment to keeping itself and its customers safe. 

As part of our continuous efforts to achieve the highest data security standards, CloudM is proud to be Cyber Essentials certified, a certification which is renewed annually.

Our customers trust us to ensure they comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) which standardizes how organizations keep private health information of US patients safe.

Our Business Associate Agreement is available upon request.

In addition to the Cyber Essentials scheme, the NCSC publishes guidance on a number of cybersecurity topics, such as cloud security.

The guidelines cover everything from personnel security to the physical tampering of data.

We believe that transparency in security is vital, and so have outlined exactly how CloudM meets these principles in greater detail in

our knowledge base.

The security and privacy of our customers’ personal data is at the core of everything we do.

We constantly monitor regulatory changes in our key markets and ensure that our products and documentation remain up to date and compliant with the relevant privacy and security requirements, including:

1. the General Data Protection Regulation ((EU) 2016/679 (EU GDPR), Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on measures for a high common level of cybersecurity across the Union (NIS2 Directive) and the EU Digital Operational Resilience Act (DORA);
2. the UK Data Protection Act 2018 (DPA 2018) implementing the EU GDPR in the United Kingdom (UK GDPR), and the UK Privacy and Electronic Communications Regulations 2003;
3. The US Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA), the Family Educational Rights and Privacy Act (FERPA), the California Consumer Privacy Act (CCPA) and the proposed American Privacy Rights Act (ARPA).

You can find out more about how we handle personal data in our Privacy Notice and standard Data Processing Addendum, or by contacting CloudM’s legal team at legal@cloudm.io.

New features, software updates and new attack mechanisms leave organizations susceptible to outside attacks. Penetration tests (often known as pentests) are a common tool used to find potential security risks within a computer system: they simulate a cyberattack and evaluate the system’s response.

CloudM works with a 3rd party on a regular basis to execute pentests, identify any vulnerabilities within our systems and resolve these as required. To ensure that our systems are secured against external and internal threats, our pentests include checks with full access.

At CloudM we use Snyk to secure our code, open source dependencies and container images. Snyk is a developer security platform that enables application and cloud developers to secure their whole application by finding and fixing vulnerabilities from their first lines of code to their running cloud.

CloudM also uses GitHub Dependabot to identify and automate the discovery and upgrade of 3rd party dependencies within our software products.

Secure coding is the practice of writing code in a way that prevents the accidental introduction of system vulnerabilities later and it is therefore an essential way in which software developers can protect their products and systems from cyberattacks and insider threats. 

CloudM’s developers follow secure coding practices throughout the planning and development of our products and their features, significantly improving the security of our customers and our own systems.