Last update: July 20, 2021
Security Statement
Givecloud places great importance on cybersecurity to protect against external threats and malicious insiders. Givecloud has implemented the appropriate management, operational, and technical security controls to manage cyber risks, to be resilient against cyber incidents, and to detect and protect against cyber threats. Givecloud meets or exceeds the industry’s information security best practices and applies security controls to protect its clients and Givecloud.
Givecloud’s cybersecurity program is structured around the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF).
This document provides an overview of Givecloud’s approach to information security and its practices to secure information, systems, and services. This approach is aligned around the five functions of the NIST CSF:
Identify
❖ Risk Governance
Risk governance and risk management are a function of Givecloud’s management culture. Givecloud’s governance model is achieved by the day-to-day activities of managers and their teams.
❖ Asset Management
Givecloud maintains an asset management system that inventories, classifies, and protects applications, information, and hardware. Givecloud’s mobile device management implementation allows it to control, secure, and enforce policies on smartphones, tablets, and other endpoints.
Protect
❖ Identity and Access Management
Givecloud has implemented security controls to identify, authorize, authenticate and manage individuals’ access to Givecloud’s systems and information assets.
❖ Applications and Software Security
Givecloud manages application and software security through its secure software development practices, vulnerability testing, monitoring, and logging.
❖ Infrastructure Security
Givecloud protects its infrastructure through vulnerability testing, system hardening, and malware protection.
❖ Data Protection and Data Privacy
Givecloud has implemented security controls that are designed to safeguard Givecloud and client data. This includes the secure storage and transmission of data.
❖ Mobile Security
Givecloud’s mobile solutions allow employees to conduct business activities on their personal devices while protecting Givecloud systems and client information.
❖ Physical Security
Givecloud has implemented physical security controls at all Givecloud facilities, including its office spaces and cloud-based facilities.
Detect
❖ Continuous Monitoring
Givecloud maintains detective security controls at the network, end-point, and application layers to detect anomalous activities, potential threat activities, and indicators of compromise.
❖ Anomaly Detection
Givecloud has deployed end-point protection and detection services to ensure that security anomalies and events are detected quickly, and their potential impact is understood.
Respond
❖ Incident Management
Givecloud’s incident management processes enable the effective detection and management of security threats and incidents that have the potential to impact the confidentiality, integrity, or availability of Givecloud’s information, applications, and services.
Recover
❖ Givecloud’s Business Continuity and Disaster Recovery processes cover both business and technology resilience. Givecloud’s cloud-based infrastructure features a highly available architecture where applications and information can be restored within their Recovery Time Objective.
Every Givecloud account is: