Security Code of Conduct

Security Code of Conduct for CyberInsurify RM Labs

CARA Platform is an automation platform for Security, Compliance, and Third-Party Risk Management. It keeps a constant watch on a company’s security controls and manages evidence, while also streamlining compliance workflows to ensure readiness for audits. We offer a robust and versatile platform, specifically designed to address security and compliance challenges.

CARA employs industry-standard security best practices and fully manages our platform security, leaving users with the peace of mind necessary to focus on their operations and pursue their business objectives.

At CyberInsurify RM Labs, we are committed to providing our customers with a secure and reliable automation platform for Security, Compliance, and Third-Party Risk Management. As part of our dedication to maintaining the highest standards of integrity and trust, we expect our employees, partners, and customers to adhere to the following Security Code of Conduct:

1. Data Confidentiality and Privacy:

a. Customer Data: We recognize the sensitivity of customer data and commit to handling it with the utmost care and confidentiality.

b. Data Encryption: All data transmitted and stored on our platform should be encrypted to ensure the protection of sensitive information.

2. Access Control and Authentication:

a. User Authentication: Users must employ strong, unique passwords and utilize multi-factor authentication whenever possible to secure their accounts.

b. Access Permissions: Access to the platform should be based on the principle of least privilege, ensuring that users have only the necessary access required to perform their duties.

3. Incident Reporting and Response:

a. Timely Reporting: Any suspected or confirmed security incidents must be reported promptly to the designated security team.

b. Collaboration: In the event of a security incident, all parties, including customers, are expected to collaborate with CyberInsurify RM Labs to investigate and remediate the issue.

4. Regulatory Compliance:

a. Adherence to Laws and Regulations: Users of the platform must comply with all applicable laws and regulations related to data protection and privacy.

b. Regular Audits: Regularly review and audit the platform to ensure ongoing compliance with relevant industry standards and regulations.

5. Software Updates and Patching:

a. Timely Updates: Keep the platform and all associated software up to date with the latest security patches to address vulnerabilities promptly.

b. Patch Management: Establish a patch management process to systematically assess, test, and apply patches in a controlled manner.

6. Third-Party Risk Management:

a. Vendor Assessment: Assess and manage the security practices of third-party vendors to ensure they meet our security standards.

b. Contractual Obligations: Clearly define security expectations in contracts with third-party vendors, holding them to the same security standards as our own.

7. Security Awareness and Training:

a. Continuous Training: Ensure that all users receive regular training on security best practices to enhance awareness and reduce the risk of security incidents.

b. Phishing Awareness: Educate users about the risks of phishing attacks and the importance of vigilance in identifying and reporting suspicious emails.

8. Communication and Transparency:

a. Transparent Communication: In the event of a security incident, communicate transparently with affected parties, providing timely updates on the situation and remediation efforts.

9. Continuous Improvement:

a. Security Reviews: Conduct regular security reviews and risk assessments to identify areas for improvement and implement necessary changes.

10. Reporting Violations:

a. Whistleblower Protection: We have established a mechanism for employees, partners, and customers to confidentially report any breaches of this Code of Conduct without fear of retaliation.

By adhering to this Security Code of Conduct, we collectively contribute to the creation of a secure environment for our customers and the protection of sensitive information. Violations of this Code may result in disciplinary action, including termination of access to the platform and legal consequences.

This Code of Conduct is subject to periodic review and update to align with evolving security best practices and regulatory requirements.

Date of Last Revision: [January 2023]