Security of our customer’s data is our highest priority. We use our own product and we use CARA to measure and monitor our security posture continuously.
NIST CyberSecurity Framework (CSF)
We take a security-first approach towards product development, quality assurance and operational support. We have security, periodic audits, and continuous monitoring to ensure that your data is always secure. Leading technologies and industry best practices are utilized to maintain the security and availability of the CARA platform, and protect everything stored within it.
Learn more about our security practices:
NIST CSF
CARA has adopted the NIST CSF, which provides a great foundation to build, implement, manage, and mature the organization’s cybersecurity practices.
Privacy Policy
We are committed to preventing unauthorized access to or disclosure of our customers’ information. Read our privacy policy.
Cloud Security
Secure infrastructure
CARA's computing infrastructure is provided by AWS, a secure cloud services platform. AWS’s physical infrastructure has been accredited under SOC 2, ISO 27001, PCI Level 1 and FISMA Moderate.
Encryption in Transit
The communication between you and our servers is encrypted with Transport Layer Security (TLS v1.2, v1.1 and v1.0) encryption. We use industry-standard encryption for data traveling to and from the application servers. System controls have been implemented to prevent cross-site scripting and SQL injection attacks.
Data Encryption
All data captured in CARA is encrypted and stored on AWS servers in accordance with ISO 27001 requirements.
Vulnerability Management
System vulnerability assessments and internal security controls have been implemented to identify security vulnerabilities and reduce the risk of exposure to common cyber attacks.
Data Backups
CARA data is stored across multiple databases and file stores. Data and audit logs for all databases are backed up at a regular frequency. Full backups are performed with new updates or each week, whichever is sooner.
Incident Management
Our incident management process ensures we rapidly respond to security events that may affect the integrity or availability of the CARA platform and the data stored within it. Events that affect customers are given the highest priority.
Application Security
Secure Development
Access to CARA’s deployment environments is strictly controlled. Testing and Staging environments are logically separated from the Production environment.
User Security
CARA is a multi-tenanted system. Each customer account has a unique identifier that is used across the entire platform to identify data owned by that account. And the platform is powered by Secure Sockets Layer (SSL) to maintain connection security and encrypt and share data safely.
Vulnerability Scanning & Patching
We periodically check for and apply patches for third-party software/services. As and when vulnerabilities are discovered, we apply the fixes within pre-defined SLAs.
Penetration Testing
We conduct periodic penetration tests to verify our security posture and uncover potential vulnerabilities, using the services of an independent, qualified third-party VAPT service.
Product Security
Multi-Factor Authentication
Access to CARA is connected to a user’s email account. Multi or two-factor authentication can be set for the user’s email account login. CARA does store any passwords. All user passwords are securely hashed; passwords are never stored in plain text.
User Security
All users must be invited to join the platform and accept that invitation to create their account before they can access any platform data. Users then use their specific account logins to access the platform.
Administrative Data Access
Access to production databases is strictly controlled and only users with a need to access production data for customer support or problem resolution have access.
Data Backups
Data backups are encrypted and sensitive data is encrypted/masked in the live database.
Data Life Cycle
CARA will securely delete a customer’s data after 45 days in the CyberFirst product. The customer data in other products is secured for 365 days.
User Permissions
In-application user permissions allow you to control what data a user can access and what company-wide actions and settings can be controlled. The user permissions for Admin, Manager and Users are separated as per their roles and responsibilities.
Human Resources Security
Security Awareness
All CARA personnel are required to undergo security training. It covers industry best practices around typical human-based attack vectors involving phishing, passwords, attachments, etc.
Confidentiality
All new CARA employees are required to sign Non-Disclosure and Confidentiality agreements.
Disclosure
We are committed to making our system secure. If you find a security issue, please send it to [email protected]. We will make sure the issue is fixed and updated at the earliest.