
ClearPoint employs a cloud deployment model with industry-standard security controls including firewalls, intrusion detection, and rigorous change management processes. Our distributed architecture scales horizontally to meet growing demands while maintaining peak security.
All critical processes in our production environment are documented and automated. We follow formal change management procedures with testing in separate environments before any production deployment.
Your data are stored in fully redundant databases with daily encrypted backups using AES-256 encryption, stored in geographically separated locations for maximum resilience.
Secure your ClearPoint instance with multiple layers of authentication protection:
Our unique granular permission system ensures users see exactly what they need:
Industry-standard encryption protects your data at every stage:
Meet regulatory requirements with comprehensive compliance features:
Proactive security measures to protect against threats:
Ensure your data are always available and protected:
What security certifications does ClearPoint have?
ClearPoint is SOC 2 Type II certified, demonstrating our commitment to security, availability, and confidentiality. We're also GDPR and CCPA compliant. For a copy of our SOC 2 report or additional compliance documentation, contact support@clearpointstrategy.com.
How is my data encrypted?
All customer data is protected with AES-256 encryption at rest and TLS/HTTPS encryption in transit over public networks. This military-grade encryption ensures your strategic information remains secure at all times.
What kind of backup and disaster recovery do you have?
We store all client data in fully redundant databases with daily and intraday backups, encrypted with AES-256 and stored in geographically separated locations. Our architecture includes complete redundancy across load balancers, storage units, and processing engines, with data always written to two separate locations.
How do you handle security incidents?
We maintain a robust Security Incident Response Process (SIRP) with defined severity criteria, investigation workflows, and escalation procedures. Critical issues are remediated immediately, and affected clients are notified promptly through their Account Manager.
What authentication options are available?
ClearPoint supports Two-Factor Authentication (2FA), SAML-based Single Sign-On (SSO), and integration with identity providers like Active Directory, Okta, and Azure AD. Access to client data is restricted to legitimate business use only, with role-based permissions.
How do you monitor and maintain security?
We use enterprise application management solutions for 24/7 system monitoring, with automated alerts for security events. Our systems track network resources, operating systems, and applications continuously, scaling automatically when capacity thresholds are reached.
How are your employees trained on security?
All employees undergo background checks and receive security training during onboarding. Annual security and privacy training is mandatory for all staff, with additional specialized training for those handling client data. All employees must acknowledge our Information Security Policy.
What is your change management process?
We follow formal change management procedures where all changes are tested in separate environments and reviewed by Engineering and Technical Support before production deployment. All changes are tracked, documented, and approved through regular change management meetings.
How do you ensure business continuity?
Our Business Continuity Planning (BCP) and Disaster Recovery (DR) processes prioritize critical functions. With our distributed cloud architecture, redundant infrastructure, and geographically separated data centers, we maintain high availability and can quickly recover from any disruption.
How often do you update your security practices?
We follow an agile development methodology with security testing throughout the entire lifecycle. Our Information Security Policy is reviewed and updated annually, and we conduct regular third-party penetration testing to identify and address potential vulnerabilities.
Can I restrict access to specific data within my organization?
Yes, ClearPoint offers element-level permissions that allow granular control over who can see and edit specific data. You can create custom roles, department hierarchies, and access policies that match your organizational structure.
How can I get more security information?
For detailed security documentation, SOC 2 reports, or specific compliance questions, please contact our security team at support@clearpointstrategy.com.