Centric Software Security & Compliance

Your data is safe with us.

Data security by design.

Trusted by the world’s leading organizations.

With our roots in Silicon Valley, we know how important it is for organizations to trust their software partners. This means that protecting your data and meeting your compliance requirements is our number one priority. As a result, our web applications are developed through a security by design methodology.

With a team of focused security professionals, a robust and secure hosting environment and following ISO 27001 standards, we are confident our solutions are stable, reliable and compliant. In fact, we stake our reputation on it.

18,000+ brands brought to market
50+ countries

Leading-edge Security

From managing external suppliers such as hosting partners, through to following development best practices and deploying teams focused on security, our approach is designed to align with security frameworks and exceed internationally recognized standards.

    • Physical Security
    • Access Control
    • Security Personnel
    • Vulnerability Management
    • Encryption
    • Development

    Data security and compliance

    Centric Software has implemented governance, risk management, and compliance practices that align with recognized information security frameworks.

    SOC2 Type 2

    Centric Software has been assessed using the criteria set forth in paragraph 1.26 of the American Institute of Certified Public Accountants (AICPA) Guide Reporting on Controls at a Service Organization Relevant to the suitability of the design and operating effectiveness for the security, availability, and confidentiality principles.

    SOC3 Type 2

    Centric Software has been assessed using the criteria set forth in paragraph 1.26 of the American Institute of Certified Public Accountants (AICPA) Guide Reporting on Controls at a Service Organization Relevant to the suitability of the design and operating effectiveness for the security, availability, and confidentiality principles.

    GDPR

    The General Data Protection Regulation (GDPR) introduced rules for organizations that offer goods and services to people in the European Union (EU), or that collect and process personal information relating to EU citizens, no matter where such organisation is located. Centric Software is committed to protecting personal information.

    ISO/IEC 27001:2013

    Centric Software's certification for ISO/IEC 27001:2013, ISO 27017:2015, and ISO 27018:2019 was issued by A-LIGN, an independent and accredited certification body, on successful completion of a formal audit process.

    ISO/IEC 27017:2015

    ISO/IEC 27017:2015 provides guidance on the information security aspects of cloud computing, recommending the implementation of cloud-specific information security controls that supplement the guidance of the ISO/IEC 27002 and ISO/IEC 27001 standards.

    ISO/IEC 27018:2019

    ISO/IEC 27018:2019 is a code of practice that focuses on protection of personal data in the cloud. It is based on ISO/IEC information security standard 27002 and provides implementation guidance on ISO/IEC 27002 controls applicable to public cloud Personally Identifiable Information (PII).

    Protecting data at every stage.

    Trust is built on openness. So being accountable and clear about the processes we have in place to protect the security, integrity and compliance of our systems and your data is fundamentally important to us. In this section, you can find out more about the various policies we follow and the security measures we take to secure our platform and your data.

    Security Policies

    Centric Software maintains and regularly reviews and updates its information security policies, at least on an annual basis. Employees must acknowledge policies and undergo periodic training pertaining to job function. Training is designed to adhere to all specifications and regulations applicable to Centric Software.

    Asset Management

    Centric Software maintains an asset management policy which includes identification, classification, retention, and disposal of information and assets. Company-issued devices are equipped with full hard disk encryption, up-to-date antivirus software, and endpoint intrusion prevention and detection systems. Only company-issued devices are permitted to access corporate and production networks.

    Incident Management

    Centric Software maintains a security incident response process that covers the initial response, investigation, notification to customers and/or individuals (as may be required), public communication, and remediation. This process is reviewed regularly and tested bi-annually.

    Breach Notification

    Despite best efforts, no method of transmission over the internet and no method of electronic storage is perfectly secure. We cannot guarantee absolute security. However, if Centric Software learns of an actual security breach, we will notify affected users as required by law or otherwise so that they can take appropriate protective steps. Our breach notification procedures are consistent with our obligations under applicable country level, state and federal laws and regulations.

    Business Continuity Management

    Backups are encrypted and stored at a secondary environment to preserve their confidentiality and integrity. Centric Software employs a backup strategy to ensure minimum downtime and data loss to meet recovery time objective (RTO) and recovery point objective (RPO). The Business Continuity Plan (BCP) is tested and updated on a regular basis to ensure its effectiveness in the event of a disaster.

    Logging and Monitoring

    Application and infrastructure systems log information to a centrally managed log repository for troubleshooting, security reviews, and analysis by authorized Centric Software personnel. Logs are preserved in accordance with regulatory requirements.

    Application Secure Release Criteria

    Centric Software has also introduced secure release criteria for all software releases, which include:

    • Dependency checks for any code libraries for publicly disclosed vulnerabilities and unsupported versions.
    • Static Application Security Testing (SAST), where testers have access to the underlying framework, design and implementation. The application is tested inside out.
    • Dynamic Application Security Testing (DAST), where the tester has no knowledge of the technologies or frameworks that the application is built on. The application is tested outside in.
    • Peer code reviews conducted by senior members of the dev team to ensure internal standards are met.
    • External Penetration Testing to ensure no critical, high or medium vulnerabilities exist in the application or the platform it’s hosted on.
    • Regulatory compliance checks to meet applicable standards and ensure adherence to data privacy and protection laws.

    Frequently asked questions

    Can I get more information regarding security and compliance?

    If you have further questions regarding security and compliance, please use the forms on our Contact Us page to get in touch. For any legal enquiries, please contact legal@centricsoftware.com 

    How do I report potential vulnerabilities?

    Existing Centric Software customers are expected to use the support portal to report any issues for any product or service. Security researchers willing to share suspected vulnerabilities privately may contact us directly through the Centric Software Vulnerability Reporting page. To bring value to your report and assist our teams in evaluating the suspected vulnerabilities, each report would ideally include a detailed description, perceived risk, the targeted scope, and its level, POC and any supporting materials.
