Operating a security-first culture.
Cutover works with some of the world’s largest organizations, including global banks, insurers, financial institutions, and retail giants. Our clients expect the highest level of security and entrust Cutover to ensure the confidentiality, integrity, and availability of their data. Cutover has implemented a dedicated information security function which is represented at the highest level of the company to maintain accountability and transparency of the process.
Information is our most precious asset, and this is why security is our top priority. We've always been transparent in our approach to security and operate a mature security program so you can feel safe and assured using our platform and services.
Our security program and controls are based on international standards and best practices including ISO/IEC 27001, the global standard for information security management systems (ISMS) and NIST CSF, a policy framework of computer security guidance for how organizations can assess and improve their ability to prevent, detect, and respond to cyber-attacks.
Cutover promotes a culture of need-to-know and secure-by-design principles where security is a responsibility shared by all employees. We are committed to respecting the privacy of our customers and employees and protecting data about them from outside parties. The management team ensures a secure environment in which to store and process this information. This is reflected in the employee onboarding process and our investment in training to highlight security and raise general awareness.
All employees receive security training which includes a review of internal policies, security best practices, and other regulatory principles. Training is delivered online through information security and cybersecurity platforms and is regularly updated with new content. Employees are also required to complete and comply with Cutover’s information security policies and report any security issues to the information security team.
Cutover has achieved the International Organization for Standardization (ISO) certification for Information Security Management (ISO/IEC 27001:2013). This internationally recognized standard for Information Security Management Systems (ISMS) covers a variety of controls including:
Cutover is also registered with the Information Commissioner’s Office (ICO) to support the implementation of data protection principles under registration number ZA152033.
Cutover complies with the General Data Protection Regulation (GDPR). We operate a GDPR framework to ensure the protection of our customers’ and employees’ personal data. We have worked with security and our legal counsel to deliver an aligned approach to GDPR, completing the following:
Cutover is deployed as Software-as-a-Service (SaaS) using Amazon Web Services (AWS). Our network configuration and infrastructure have been verified by tier-1 financial institutions and the platform is regularly penetration tested by an independent third party. Physical controls exist at Cutover HQ and AWS:
Cutover's physical security policy requires all employees to access the premises via registered access fobs. Visitors are signed in under their respective roles and accompanied at all times. Cutover offices are monitored 24/7 with CCTV surveillance.
Cutover uses the AWS cloud platform which provides a high level of physical security. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, intrusion detection systems, and other electronic means. AWS staff must pass two-factor authentication a minimum of two times to access data center floors. Security policies are reviewed on an annual basis.
Cutover operates an employee joiner, mover, leaver (JML) process. Our JML policy applies to all candidates who go through our hiring process. Its checks include identity, right to work, criminal record, employment, watch-list, and negative media checks.
Cutover ensures the confidentiality and integrity of customer information by encrypting data in transit and at rest. All communications with the Cutover Application Programming Interface (API) are over SSL and utilize TLS v1.2 (256-bit) with strong ciphers. Data at rest is encrypted using AES-256.
Availability and redundancy
The Cutover platform is hosted in high-availability, redundant AWS availability zones in EU West, EU Central, US East, and US West. The Cutover platform has been designed to provide secondary and tertiary failover. This high-availability architecture limits service interruption. AWS data centers have been designed and configured with multiple levels of redundancy built in.