Security & Compliance

Providing an online infrastructure for communication and security comes with great responsibility. Ensuring the availability, integrity and confidentiality of our platform is our top priority

As a key supplier in an industry that is rapidly evolving, CM is always looking to combine flexibility without compromising on security, availability or compliance when securing customer data.

Let us help you secure your online environment.

“Our goal is to be as flexible and fast as possible in terms of delivering services to our customers, while maintaining the highest standards in security and compliance.”

Jan Saan, CTO CM Groep.

ISO 9001, 14001, 20000-1, 27001 certified

Our compliance with Quality Management (ISO 9001), Environmental Management (ISO 14001), Information Technology Service Management (ISO/IEC 20000-1) and Information Security Management (ISO/IEC 27001) is confirmed by internationally recognised certificates.

ISO 9001
ISO 14001
ISO 20000-1
ISO 27001

Security at CM

In order to meet this goal, CM takes several measures:

We’re in control

With staff on-site 24/7/365, our analysts are continuously monitoring security, performance and connections to suppliers and customers from our Network Operations Centre (NOC) - our team is equipped to handle any incident effectively and efficiently.

CM's services are hosted on privately owned and operated environments, giving us full control over all data, including its transport, encryption and accessibility. Usage of cloud services provided by third parties in the office environment is regulated by a specific cloud policy. Meaning only use of services contracted and approved by CM are allowed.


CM’s cloud is built upon standardised hardware and appliances. Blueprints are available per vendor and model, each containing CM’s default configuration and required steps for initialisation and installation. All of these blueprints are based on input from organisations such as CIS and NIST.

CM clearly distinguishes core processing components and services that are built on top of these components. Standardising and securing these core components, as well as our clients’ data is our first priority.

Validate and improve

CM combines the results of real-time monitoring by our NOC, scheduled testing by our internal auditing department and external testing by renowned third parties to improve our infrastructure, coding practices, overall security and the effectivity of our monitoring processes.

CM has an extensive integrated management system in place. This management system covers items such as information security, risk management, disaster recovery, business continuity, backups, privacy, quality management and our environmental impact.

Active, not reactive

CM actively follows relevant changes in legal and compliance requirements, with extensive focus on GDPR regulations & POPI compliance.

CM monitors information security feeds published by various renowned institutes and firms such as NIST and the Open Web Application Security Project.

It’s a team effort

Security is a high priority for every team within CM. Clear security guidelines are available and all team members are briefed on their responsibilities to continuously contribute to the security of CM, its partners and customers.

At CM, we actively stimulate the exchange of security and secure coding related knowledge after gaining new insights based on (external) training, publications or recent events.

Contact us

Want to know more about security and compliance at CM?