Data protection matters 

Clari is a modern cloud-based platform built with industry-standard technologies and services, ensuring enterprise-grade reliability, security and privacy for our customers.

Reliability & availability 

Clari strives for high uptime and performance. Systems, people and processes are designed to meet and exceed this. Engineering, Customer Success and Security operate in unison to make sure our customers have the best online experience. We maintain a continuously updated status page at https://clari.statuspage.io/.

Backups

Backups run daily, encrypted in transit and at rest, and are tested regularly. Backups are kept "off-site" in Amazon S3 which stores files on multiple highly available physical devices.

Recovery

Clari reviews its Business Impact Analysis (BIA) and Business Continuity Plan (BCP) on an annual basis. Recovery strategies are designed to provide well-defined Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs).

Incident management & responses 

Clari maintains ongoing documentation and verification of its incident response policy and procedures. We apply a 6-step approach that drives consistency and ongoing improvements to our response process: Preparation, Identification, Containment, Eradication, Recovery and Lessons Learned.

We practice multidisciplinary, blameless post-mortem analysis, and seek to grow our people, processes, and systems in the aftermath of failure. 

Data centers

Customer center is hosted in the United States, in AWS’s us-east-1 region in multiple availability zones (a through f). For more information on AWS data center capabilities and compliance, refer to AWS’s Data Center information page.

Infrastructure & network security

Clari continuously monitors its infrastructure and network security via a 24/7/365 Security Operations Center (SOC). Our infrastructure is scanned continuously for security vulnerabilities and medium and above severity findings are prioritized and addressed.

Network controls

Clari maintains all production systems in a dedicated Virtual Private Cloud (VPC) within AWS. Production data never leaves the dedicated VPC, and communication and access to it is restricted by firewalls and access control mechanisms. Intrusion Detection Systems (IDS) monitor and alert our 24/7/365 Security Operations Center (SOC) whenever unusual behavior or traffic is detected.

Vulnerability and patch management

Systems are scanned regularly for common vulnerabilities. Servers are patched automatically on a regular schedule, with critical and high severity patches applied with the highest priority.

DDoS mitigation

Distributed Denial of Service mitigation is provided via AWS Shield.

Application security

We believe security must be “baked” into the product, processes and people. Software developers and engineers are required to go through annual training on secure coding and pass a rigorous exam. Static and dynamic security scans are built into the development and QA processes via automated tools that perform on-demand and ongoing code scans. Matches with security vulnerabilities or deviations from best practices generate automated alerts, and code is promptly corrected.

Third-party penetration testing

Clari partners with external penetration testing vendors to conduct annual tests. Medium and higher severity findings are remediated and reports are available upon request and under NDA.

Encryption at rest

All stored data, session cookies, backups and other sensitive data are encrypted at rest. Database fields storing credentials are also encrypted for additional security. Account passwords are salted and hashed using the latest strong algorithms and approaches, which are routinely audited. No humans, our staff included, can ever view your passwords.

Encryption in transit

All communication between customer systems and Clari is performed using high levels of encryption (TLS 1.2 / HTTPS). Our customers also have the option to add a secure IPsec tunnel.

Single Sign-On (SSO) and Multi-Factor Authentication (MFA)

Clari integrates with your SSO/MFA solution to provide a seamless login experience via SAML 2.0. This guarantees user authentication without the need to manage yet another account/password combination.

OAuth 2.0

Clari uses OAuth 2.0 to securely obtain authorization to CRM, email and calendar platforms via vendor-established APIs. This provides our customers the assurance that Clari will only request authorization using Microsoft, Google, Salesforce and vendor-specific SSO APIs.

Role-based access control

Clari administrators can set user roles according to the principle of least privilege. Users only see what they need in order to perform their job.

Compliance & certifications

Our customers span a wide range of industries. Clari is committed to meeting and exceeding the compliance standards of those industries.

ISO 27001 and SOC2

Clari undergoes annual audits with external vendors to ensure its products and processes follow the strictest norms.

GDPR

Clari has partnered with external auditors and has been compliant with the General Data Protection Regulation (GDPR) since its inception in May 2018. For detailed information, please refer to the Clari GDPR page and the Clari Subprocessor FAQs.

Corporate security

In addition to developers receiving secure coding training, all employees participate in annual general security and data privacy training.

Information security policies & procedures

Clari uses the ISO 27001 framework as the foundation for its policies and procedures. All employees acknowledge their responsibilities in protecting customer data as a condition of employment.

Offices

Clari offices are secured by keycard access and we make sure there is 24/7/365 monitoring via video cameras and alarms. Although our products have no dependencies on our company’s offices or other facilities other than AWS data centers, our office has redundant UPS, network devices and firewalls.

Endpoint devices

Employee laptops are secured with hard drive encryption, antivirus and advanced malware detection with central management and control.

All devices are managed via a central, cloud-based Mobile Data Management (MDM) system.

Background checks

All new hires undergo a background check prior to starting their careers at Clari.

Business continuity

Clari was built within the cloud, and our employees operate regularly from different locations globally with little to no dependency on office resources.
