Providing an online infrastructure for communication and payments comes with great responsibility. Therefore, ensuring the availability, integrity and confidentiality of our platform is CM’s top priority.
We work for some of the world’s largest enterprises. In many cases, their communication flow is business critical. As a key supplier in an industry that is rapidly evolving, CM is always looking to combine flexibility without compromising on security, availability or compliance.
In order to meet this goal CM takes several measures:
CM has staff on-site 24/7. Our analysts are continuously monitoring security, performance and connections to suppliers and customers from our Network Operations Centre (NOC). This team is equipped to handle any incident effectively, efficiently and immediately.
All CM services are hosted on privately owned and operated environments. CM has full control over all data, including its transport, encryption and accessibility. There are no public cloud services involved in the creation and delivery of our services. The usage of cloud services provided by third parties in the office environment is regulated by a specific cloud policy. This means only use of services contracted and approved by CM are allowed.
CM’s cloud is built upon standardised hardware and appliances. Blueprints are available per vendor and model, each containing CM’s default configuration and required steps for initialisation and installation. Blueprints used by CM are standardised, based on input from organisations such as CIS and NIST.
CM clearly distinguishes core processing components and services that are built on top of these components. Standardising and securing these core components and ensuring availability and security of our clients’ data is our first priority. Our core messaging services are ISO 27001, 9001, 14001 and ISO 20000 certified. CM is actively broadening the scope of these certifications to more products and processes.
CM combines the results of real-time monitoring by our NOC, scheduled testing by our internal auditing department and external testing by renowned third parties to improve our infrastructure, coding practices, overall security and the effectivity of our monitoring processes.
CM has an extensive integrated management system in place. This management system covers items such as information security, risk management, disaster recovery, business continuity, backups, privacy, quality management and our environmental impact.
CM actively follows relevant changes in legal and compliance requirements, with extensive focus on e.g. GDPR regulations.
CM monitors information security feeds published by various renowned institutes and firms such as NIST and the Open Web Application Security Project.
CM’s platform is built to meet the highest security requirements. Security is a high priority for every team within CM. Clear security guidelines are available and all staff members are briefed on their responsibilities to continuously contribute to the security of CM, its partners and its customers.
CM actively stimulates the exchange of security and secure coding related knowledge after gaining new insights based on (external) training, publications or recent events.