Security

Last update: July 20, 2021

Security Statement

Givecloud places great importance on cybersecurity to protect against external threats and malicious insiders. Givecloud has implemented the appropriate management, operational, and technical security controls to manage cyber risks, to be resilient against cyber incidents, and to detect and protect against cyber threats. Givecloud meets or exceeds the industry’s information security best practices and applies security controls to protect its clients and Givecloud. 

Givecloud’s cybersecurity program is structured around the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF).

This document provides an overview of Givecloud’s approach to information security and its practices to secure information, systems, and services. This approach is aligned around the five functions of the NIST CSF:

 

Identify

❖   Risk Governance

Risk governance and risk management are a function of Givecloud’s management culture.  Givecloud’s governance model is achieved by the day-to-day activities of managers and their teams.

❖   Asset Management

Givecloud maintains an asset management system that inventories, classifies, and protects applications, information, and hardware. Givecloud’s mobile device management implementation allows it to control, secure, and enforce policies on smartphones, tablets, and other endpoints.

 

Protect

❖   Identity and Access Management

Givecloud has implemented security controls to identify, authorize, authenticate and manage individuals’ access to Givecloud’s systems and information assets.

❖   Applications and Software Security

Givecloud manages application and software security through its secure software development practices, vulnerability testing, monitoring, and logging.

❖   Infrastructure Security

Givecloud protects its infrastructure through vulnerability testing, system hardening, and malware protection.

❖   Data Protection and Data Privacy

Givecloud has implemented security controls that are designed to safeguard Givecloud and client data.  This includes the secure storage and transmission of data.  

❖   Mobile Security

Givecloud’s mobile solutions allow employees to conduct business activities on their personal devices while protecting Givecloud systems and client information.

❖   Physical Security

Givecloud has implemented physical security controls at all Givecloud facilities, including its office spaces and cloud-based facilities.

 

Detect

❖   Continuous Monitoring

Givecloud maintains detective security controls at the network, end-point, and application layers to detect anomalous activities, potential threat activities, and indicators of compromise. 

❖   Anomaly Detection

Givecloud has deployed end-point protection and detection services to ensure that security anomalies and events are detected quickly, and their potential impact is understood.

 

Respond

❖   Incident Management

Givecloud’s incident management processes enable the effective detection and management of security threats and incidents that have the potential to impact the confidentiality, integrity, or availability of Givecloud’s information, applications, and services.

 

Recover

❖   Givecloud’s Business Continuity and Disaster Recovery processes cover both business and technology resilience. Givecloud’s cloud-based infrastructure features a highly available architecture where applications and information can be restored within their Recovery Time Objective.

Every Givecloud account is:

  • PCI-DSS SAQ Compliant
  • Encrypted using a 256-bit TLS Certificate
  • Hosted securely in a World Class Data Center
  • Backed up Daily, Weekly and Monthly