Cutover works with some of the world’s largest organizations, including global banks, insurers, financial institutions, and retail giants. Our clients expect the highest level of security and entrust Cutover to ensure the confidentiality, integrity, and availability of their data. Cutover has implemented a dedicated information security function which is represented at the highest level of the company to maintain accountability and transparency of the process.
Information is our most precious asset, and this is why security is our top priority. We've always been transparent in our approach to security and operate a mature security program so you can feel safe and assured using our platform and services.
Our security program and controls are based on international standards and best practices including ISO/IEC 27001 and SOC 2, the global standard for information security management systems (ISMS) and NIST CSF, a policy framework of computer security guidance for how organizations can assess and improve their ability to prevent, detect, and respond to cyber-attacks. As of October 2021, complementing our existing ISO27001 certification, Cutover is now also SOC 2 Type 1 compliant.
Cutover promotes a culture of need-to-know and secure-by-design principles where security is a responsibility shared by all employees. We are committed to respecting the privacy of our customers and employees and protecting data about them from outside parties. The management team ensures a secure environment in which to store and process this information. This is reflected in the employee onboarding process and our investment in training to highlight security and raise general awareness.
All employees receive security training which includes a review of internal policies, security best practices, and other regulatory principles. Training is delivered online through information security and cybersecurity platforms, which is regularly updated with new content. Employees are also required to complete and comply with Cutover’s information security policies and report any security issues to the information security team.
Cutover has achieved the International Organization for Standardization (ISO) certification for Information Security Management (ISO/IEC 27001:2013). This internationally recognized standard for Information Security Management Systems (ISMS) covers a variety of controls including:
Cutover is also registered with the Information Commissioner’s Office (ICO) to support the implementation of data protection principles under registration number ZA152033.
Cutover complies with the General Data Protection Regulation (GDPR). We operate a GDPR framework to ensure the protection of our customers and employees’ personal data. We have worked with security and our legal counsel to deliver an aligned approach to GDPR completing the following:
Cutover is deployed as Software-as-a-Service (SaaS) using Amazon Web Services (AWS). Our network configuration and infrastructure has been verified by tier-1 financial institutions and the platform is regularly penetration tested by an independent third party. Physical controls exist at Cutover HQ and AWS:
Cutover operates an employee joiner, mover, leaver (JML) process. Our JML policy applies to all candidates who go through our hiring process. These checks include identity, right to work, criminal record, employment, watch-list, and negative media checks.
Cutover ensures the confidentiality and integrity of customer information by encrypting data in transit and at rest. All communications with the Cutover Application Programming Interface (API) is over SSL and utilizes TLS v1.2 (256-bit) with strong ciphers. Data at rest is encrypted using AES-256.
The Cutover platform is hosted in high-availability, redundant AWS availability zones in EU West, EU Central, US East, and US West. The Cutover platform has been designed to provide secondary and tertiary failover. This high-availability architecture enables limited service interruption. AWS data centers have been designed and configured with multiple levels of redundancy built-in.
If you have any questions or require further detailed answers, please get in touch with our information security team by emailing us at firstname.lastname@example.org.