Our Communications Platform as a Service (CPaaS) contains all messaging channels, as well as next-gen payments and smart identification tools.
And with our customer data platform (CDP), we provide you easy use of these features.
We aim to be flexible, scalable, and fast at delivering the services to our customers while maintaining the highest standards in security and compliance.
Measures are in place to monitor, control and continuously improve data security and business continuity. This page provides insight in how we do that.
We schedule regular backups to ensure that all data is stored safe, secure, and is swiftly restorable in a disaster recovery situation.
We conduct penetration tests per half-year / per quarter of a year using a certified third-party supplier.
• EU: Netherlands, Belgium, Germany
• UK
• Africa: South Africa
• Asia: Hong Kong and China
• Security staff, door locking
• Surveillance facilities (e.g. CCTV footage, alarm system)
• Automatic physical access control system
• Logging of visitors to data centers and data warehousing
• Outgoing traffic
• Incoming traffic
• Network traffic between zones
• Access to data and portals per user
• Access to and from user data
• Deviations in network traffic
• Malicious attacks
• Deviations in the amount of logging
• Traffic from untrusted IP addresses
• DDOS attack monitoring and mitigation
• Full system backups of servers and databases are taken daily
• Transaction log backups are taken with high frequency
• Backups are stored in an off-site location
As a part of the service specifications, the cloud service provider should define the allocation of information security incident management responsibilities and procedures between the cloud service customer and the cloud service provider.
The customer is responsible for its data and generated traffic; including security measures.
Read Terms & ConditionsCM.com’s main goal is to deliver a worldwide platform with all channels and features to best reach your audience worldwide. Our Communications Platform as a Service (CPaaS) contains all messaging channels, as well as next gen payments and smart identification tools. And with our customer data platform (CDP), we provide you an easy use of these features.
We aim to be flexible, scalable and fast at delivering the services to our customers, while maintaining the highest standards in security and compliance. Therefore, all software on CM.com’s platform is designed and developed by our own staff. The platform runs on own and self-operated servers and software. It is hosted in our own datacenters and in external datacenter locations of top-tier certified suppliers. The CM.com Platform is operated in different data center locations:
Various controls are in place to prevent physical access of unauthorized persons to other premises and facilities, such as:
Passwords of employees need to have at least 16 characters. After five unsuccessful login attempts the user account will be blocked for 30 minutes and will be unlocked after a successful login.
We use Firewalls on all internet facing elements of our infrastructure to protect data and control all traffic on the CM.com Platform. Firewalls are enabled on all employee endpoints at all times. IDS, IPS and WAF are enabled on our production environment firewalls.
All our equipment and servers are protected using appropriate real-time anti-virus, anti-spyware and anti-malware software (endpoint protection). The outcome and logs of this equipment is stored in a centralized database. Monitoring and alerting takes place from this centralized data system, the outcome is provided to our NOC/SOC. Realtime network monitoring is in place that can determine malicious behaviour based on a.i.
All network traffic running through the CM.com platform and the access provided to humans and API’s are strictly compartmented and zoned. Every set with services with a shared purpose is running in an isolated zone, providing only access to and from allowed systems or services, based on physical, virtual or per user/service separation for:
For CM.com to monitor and act swiftly on incoming threats, we have effective centralized logging, threat detection and mitigation.. The following measures are implemented;
The CM.com Platform is monitored by professionals, 365/24/7. This way we detect threats and errors that could potentially lead to security incidents in an early stage.
We apply four types of monitoring for checking the operations and the information processing on the CM.com platform. The monitoring and related checks are all automated.
These types are: Basic server monitoring, application test scripts, trend monitoring and security monitoring.
We conduct penetration tests per half year / per quarter of a year using a certified third party supplier. In addition to this, we take part in a bug bounty program and we undertake external and internal vulnerability scans using Authorized Scanning Vendors and vulnerability assessment applications. These scans are highly automated and for each test it is determined at which frequency it is performed (daily to monthly), depending on the type of test.
CM.com schedules regular backups to ensure that all data is stored safe, secure, and is swiftly restorable in a disaster recovery situation.
CM.com retains your traffic or customer data for no longer than necessary to provide the service:
CM.com commits to the availability of its services and processes in the Service Level Agreement. Not all factors that contribute to this commitment are fully in CM.com’s own control. CM.com has developed a Business Continuity Plan to minimize business damage from a major issue affecting staff, office and data center locations, and equipment. This covers the following aspects and is updated several times per year:
In case of an information security incident, CM.com has an incident response plan, including the following protocols to respond adequately:
As an electronic communications provider, CM.com has an independent duty to inform the respective authorities in the case of security incidents and/or network disruptions.
In respect of a personal data breach, CM.com notifies each affected client of a personal data breach involving CM.com or a sub-contractor without undue delay (but in no event later than forty-eight hours after becoming aware of the personal data breach). The notification will be communicated via e-mail to the relevant contact persons.
Did you as a security researcher or a client discover a vulnerability in our system? Please help us by reporting these to us, so that we can improve the safety and reliability of our systems together. If you would like to report a vulnerability or have a security concern regarding the website of CM.com or its services, please email [email protected].
Our clients are also welcome to submit their requests to [email protected].
See Our Disclosure PolicySelect a region to show relevant information. This may change the language.
Is this region a better fit for you?