Security and compliance matter to us because they matter to our customers.
As a security company, the security and integrity of our systems are paramount. We accept the responsibility of safeguarding data that our customers, employees, and partners have entrusted to us.
Each day we rigorously ensure the security, availability, and resilience of our systems. We have implemented policies that follow best-in-class practices for building and managing cloud environments, including application, network and physical security.
SolarWinds Response for Cequence Customers and Prospects
The SolarWinds cyberattack, which was caused by malware deployed within their (signed) source code and then delivered to their customers, continues to impact organizations around the world. Cequence Security does not use SolarWinds in our deployed (customer environment) or corporate endpoints. Going one step further, at the direction of our leadership, we performed an internal review of our security practices to confirm that an attack like the SolarWinds incident would not impact our business and our customers.
A key part of our security program is responsible disclosure. We encourage security researchers to contact us to report any potential vulnerabilities found in our products or other digital assets, and we greatly appreciate it when they do.
If you have identified a potential security vulnerability, please follow the process outlined to engage with our security team.
PCI DSS 3.2
The PCI DSS is an information security standard created by the major credit card companies and managed by the PCI Standards Security Council. The PCI DSS sets a baseline of technical and operational requirements needed to protect credit card account information that is shared across systems, including card number, verification number, and expiration date. The Cequence systems do not process or store credit card data. However, incoming cardholder data may be decrypted and forwarded on to the client application if it is in the data stream for the protected website.
Our examination for the SOC 2 Type II was conducted in accordance with attestation standards established by the American Institute of Certified Public Accountants. The examination was designed for the purpose of expressing an opinion about whether, in all material respects, the description of the Cequence systems and corresponding security controls is presented in accordance with the SOC 2 description criteria and whether the controls stated therein were suitably designed to provide reasonable assurance that the service organization’s service commitments and system requirements were achieved based on the applicable trust services criteria. The opinion of the Auditor was based on the examination, and the procedures performed in the examination were limited to those that were considered necessary.