CloudGuard Trust Centre 

At CloudGuard, we are dedicated to creating trust through transparency. Our Trust Centre is your resource for insights into our commitment to security, compliance and operational resilience. Here, you will find everything you need to understand how we protect and empower our customers and stakeholders. 

ISO Certifications: 27001:2022 and 9001:2015

Our ISO certifications reflect our dedication to excellence in security and quality management.

The ISO 27001:2022 certification assures our stakeholders that we have implemented stringent controls to align with industry standards and regulatory frameworks, including key requirements of DORA and NIS 2, which are critical for operational resilience in today’s digital landscape. Additionally, our ISO 9001 certification highlights our dedication to quality management and continuous improvement, enabling us to consistently meet customer and regulatory expectations.

Should you wish to review our certifications, we are happy to provide visibility upon request.  

Risk management and governance 

At CloudGuard, we have implemented a fully documented risk management process that encompasses ICT, information security, project and delivery, business, and operational risks. This process is further strengthened by a comprehensive and integrated risk management approach.

To ensure thorough oversight, a senior leader is appointed to oversee our security management system, processes and risk framework, seamlessly integrating them into our overall governance structure. 

Incident reporting and response 

We prioritise swift and effective incident management through a clearly defined ICT incident reporting mechanism.

This is supported by a comprehensive, documented incident management and response policy and procedure. Our approach ensures that incidents are handled with precision and accountability, including established protocols for engaging special interest groups and relevant authorities, such as the ICO, within the legally mandated timelines.

This proactive framework reflects our commitment to transparency, compliance and the protection of our stakeholders’ interests. 

Resilience testing and assurance 

Resilience and security are integral to our operations.

Our robust testing procedures include scheduled penetration tests to proactively assess and address vulnerabilities, reinforcing our defences against potential threats. These efforts are complemented by continuous vulnerability scanning, seamlessly integrated into our operations, and powered by market-leading tools.

With a forward-looking approach, our penetration tests are planned well into the next 12 months and beyond, ensuring ongoing evaluation and enhancement of our security posture. 

Third-party risk management and supply chain assessments 

CloudGuard conducts annual supply chain assessments with our chosen providers to ensure comprehensive due diligence, continuous monitoring and the integration of security requirements into all contracts.

This rigorous approach to third-party risk management is designed to safeguard our operations and aligns with industry-leading standards, including the regulatory requirements of DORA and NIS 2.

By actively managing and securing our supply chain, we ensure that security remains a shared responsibility across our partnerships. 

Employee background verifications 

CloudGuard conducts a series of employee background checks on every employee.

This is repeated at scheduled intervals. CloudGuard customers are only supported by full-time employees. Some employees have obtained additional security clearance certificates and support Customers with these requirements in terms of data handling and management.

Secure information sharing 

We prioritise the secure sharing of information through the use of appropriate encryption and established protocols.

Information is shared only with designated parties as necessary, ensuring that sensitive data is protected at all times. This secure framework enables the exchange of critical information regarding cyber threats and vulnerabilities with all stakeholders, entities and relevant authorities, enhancing collective cybersecurity resilience and compliance with industry standards. 

ICT continuity and recovery 

CloudGuard conducts regular Business Continuity and Disaster Recovery (BCDR) exercises to ensure the effectiveness of our ICT continuity and recovery plans.

These activities are designed to validate our ability to maintain critical business functions during unforeseen disruptions, providing assurance that we are always prepared to respond to and recover from potential incidents swiftly. 

Organisational resilience 

CloudGuard supports Customers operating with Cyber Assessment Framework (CAF) and Enhanced Cyber Assessment Framework (ECAF) requirements.

As part of these requirements, CloudGuard undertakes scheduled organisational resilience checks and tests. This includes but is not limited to simulation events against critical systems, processes and individuals through social engineering.

Contractual provisions 

We incorporate comprehensive contractual provisions with third-party service providers, including monitoring and reporting obligations, business-contingency plans, defined service levels, security standards, audit rights and information access for both the firm and relevant regulators.

This ensures that our third-party relationships are built on a foundation of security, accountability and transparency. 

Resource allocation and regulatory alignment 

We are committed to allocating sufficient resources to ensure full compliance with all relevant laws and regulations, including UK-GDPR, EU-GDPR, DORA and NIS 2, and aligning with other critical regulations, creating a cohesive compliance framework that safeguards our operations and customer trust. This involves ongoing investments in technology, skilled personnel, and consulting services to meet both current and evolving regulatory requirements.  

Enhanced network security 

Our robust network security measures defend against emerging threats. These measures include regular updates, continuous monitoring and proactive threat mitigation to ensure the resilience of our infrastructure. 

Access control and encryption 

CloudGuard enforces stringent access control protocols and ensures that sensitive data is encrypted both in transit and at rest. These safeguards protect against unauthorised access and ensure the confidentiality and integrity of critical information. 

Corporate accountability 

Corporate management are accountable for cybersecurity initiatives. We ensure that senior leadership is trained in cybersecurity best practices and that they play an active role in addressing and mitigating cyber risks, aligning our governance with the highest standards of security. 

Cybersecurity training 

We provide ongoing cybersecurity awareness and training for all employees, ensuring every team member understands their role in safeguarding the organisation’s information and systems, creating a culture of security awareness across the company. 

Regular audits 

Security audits to assess the effectiveness of our security measures are conducted frequently. These audits are a key part of our continuous improvement process, ensuring that we consistently enhance our security posture to meet evolving threats and compliance requirements. 

Privacy Policy 

Our Privacy Policy outlines how we collect, use and protect your personal information. We are dedicated to maintaining the privacy and security of your data and ensuring compliance with applicable data protection regulations. For more information, please visit our Privacy Policy.

Information Security Policy 

Our Information Security Policy outlines the comprehensive measures we implement to protect our systems, data, and infrastructure from potential threats.

This includes a robust Information Security Management System (ISMS) that covers all aspects of our operations, ensuring the confidentiality, integrity and availability of our information assets. We employ preventive strategies, continuous threat detection and incident response protocols, all designed to mitigate risks and safeguard both company and customer data.

Our commitment to security is further reinforced by our adherence to ISO 27001 certification and ongoing improvements in line with our agile business strategy. To learn more, please refer to our Information Security Policy. 

Quality Policy 

Our Quality Policy reflects our commitment to delivering the highest quality of service and products. This policy ensures that we continually improve our processes, meet customer expectations and maintain compliance with relevant standards. For further details, visit our Quality Policy. 

Terms of Use 

Our Terms of Use establish the rules and guidelines for using our website and services. These terms are designed to protect both our users and our company, ensuring a safe and fair digital environment. For further details, visit our Terms of Use. 

Cookie Policy 

Our Cookie Policy explains how we use cookies to enhance your experience on our website. It also provides guidance on how you can manage your cookie preferences and control your privacy settings. To read more, please see our Cookie Policy. 

Trusted partner 

CloudGuard undertakes frequent reviews of all suppliers and partners against an agreed baseline standard to ensure compliance. CloudGuard also operates an open and transparent culture with all employees and customers.

CloudGuard is a privately owned business but is independently audited on a scheduled basis, which includes independent checks on any individual operating with significant control or ownership.   

Contact us 

If you have any questions or need further information, please do not hesitate to contact us. We are here to help and ensure you have the information you need.