Cookie consent

By clicking “Accept”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.

cutover-for-technology-resilience
cutover-for-it-system-and-application-start-of-day-process-checks-solution
cutover-for-cloud-disaster-recovery-solution
cutover-for-cyber-resilience-solution
cutover-for-it-disaster-recovery-brochure
new-press-release
calculate-your-roi
Security

Operating a security-first culture

Our approach

Cutover works with some of the world’s largest organizations, including global banks, insurers, financial institutions, and retail giants. Our clients expect the highest level of security and entrust Cutover to ensure the confidentiality, integrity, and availability of their data. Cutover has implemented a dedicated information security function which is represented at the highest level of the company to maintain accountability and transparency of the process.

Information is our most precious asset, and this is why security is our top priority. We've always been transparent in our approach to security and operate a mature security program so you can feel safe and assured using our platform and services.

Our security program and controls are based on international standards and best practices including ISO/IEC 27001 and SOC 2, the global standard for information security management systems (ISMS) and NIST CSF, a policy framework of computer security guidance for how organizations can assess and improve their ability to prevent, detect, and respond to cyber-attacks. As of October 2021, complementing our existing ISO27001 certification, Cutover is now also SOC 2 Type 1 compliant.

Culture

Cutover promotes a culture of need-to-know and secure-by-design principles where security is a responsibility shared by all employees. We are committed to respecting the privacy of our customers and employees and protecting data about them from outside parties. The management team ensures a secure environment in which to store and process this information. This is reflected in the employee onboarding process and our investment in training to highlight security and raise general awareness.

Training and awareness

All employees receive security training which includes a review of internal policies, security best practices, and other regulatory principles. Training is delivered online through information security and cybersecurity platforms, which is regularly updated with new content. Employees are also required to complete and comply with Cutover’s information security policies and report any security issues to the information security team.

Compliance

Cutover has achieved the International Organization for Standardization (ISO) certification for Information Security Management (ISO/IEC 27001:2013). This internationally recognized standard for Information Security Management Systems (ISMS) covers a variety of controls including:

  • Information security policies
  • The organization of information security
  • People security
  • Asset management
  • Access control
  • Cryptography
  • Physical and environmental security
  • Operation security
  • Communications security
  • System acquisition, development, and maintenance
  • Supplier relationships
  • Information security incident management
  • Information security aspects of business continuity
  • Compliance

Cutover is also registered with the Information Commissioner’s Office (ICO) to support the implementation of data protection principles under registration number ZA152033.

GDPR compliance

Cutover complies with the General Data Protection Regulation (GDPR). We operate a GDPR framework to ensure the protection of our customers and employees’ personal data. We have worked with security and our legal counsel to deliver an aligned approach to GDPR completing the following:

  • Created a Data Protection Impact Assessment (DPIA)
  • Created a Data Processing Addendum (DPA) to supplement our Client Terms of Service and reflects our requirements as a processor of customer data.
  • Reviewed our security practices, policies, infrastructure and suppliers.
  • Received ISO 27001 certification to strengthen and provide an independently audited view of our security controls.

Cloud architecture

Cutover is deployed as Software-as-a-Service (SaaS) using Amazon Web Services (AWS). Our network configuration and infrastructure has been verified by tier-1 financial institutions and the platform is regularly penetration tested by an independent third party. Physical controls exist at Cutover HQ and AWS:

  • Cutover physical security policy requires all employees to access the premises via registered access fobs. Visitors are signed in under their respective roles and accompanied at all times. Cutover offices are monitored 24/7 with CCTV surveillance.
  • Cutover uses the AWS cloud platform which provides a high level of physical security. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, intrusion detection systems, and other electronic means. AWS staff must pass two-factor authentication a minimum of two times to access data center floors. Security policies are reviewed on an annual basis.

Background checks

Cutover operates an employee joiner, mover, leaver (JML) process. Our JML policy applies to all candidates who go through our hiring process. These checks include identity, right to work, criminal record, employment, watch-list, and negative media checks.

Protecting data

Cutover ensures the confidentiality and integrity of customer information by encrypting data in transit and at rest. All communications with the Cutover Application Programming Interface (API) is over SSL and utilizes TLS v1.2 (256-bit) with strong ciphers. Data at rest is encrypted using AES-256.

Availability and redundancy

The Cutover platform is hosted in high-availability, redundant AWS availability zones in EU West, EU Central, US East, and US West. The Cutover platform has been designed to provide secondary and tertiary failover. This high-availability architecture enables limited service interruption. AWS data centers have been designed and configured with multiple levels of redundancy built-in.

For further information

If you have any questions or require further detailed answers, please get in touch with our information security team by emailing us at infosec@cutover.com.

Experience the power of Collaborative Automation for yourself.

Book a demo today or contact our sales team for more information