Security matters 

Clari is a modern cloud-based platform built with industry-standard technologies and services, ensuring enterprise-grade reliability, security and data protection for our customers.

Reliability & availability 

Our Engineering team strives for high uptime and performance. Systems, people and processes are designed to meet and exceed this. Engineering, Customer Success and Security operate in unison to make sure our customers have the best online experience.

Backups

Backups run daily, encrypted in transit and at rest, and are tested regularly. Backups are kept "off-site" in Amazon S3 which stores files on multiple highly available physical devices.

Recovery

Clari reviews its Business Impact Analysis (BIA) and Business Continuity Plan (BCP) on an annual basis. Recovery strategies are designed to provide well-defined Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs).

DevOps best practices

Our DevOps team operates at a high maturity level, adopting best practices such as infrastructure as code for auditable change management. Clari incorporates automation and repeatability, and meets all aspects of a well-architected cloud application.

Monitoring & on-call support

We monitor our infrastructure and application service levels continuously and have on-call support engineers 24/7/365. Our teams work as one with our customers to promptly respond and maintain a smooth communication channel. We maintain a continuously updated status page at https://clari.statuspage.io/.

Incident management & responses 

Clari maintains ongoing documentation and verification of its incident response policy and procedures. We apply a 6-step approach that drives consistency and ongoing improvements to our response process: Preparation, Identification, Containment, Eradication, Recovery and Lessons Learned.

We practice multidisciplinary, blameless post-mortem analysis, and seek to grow our people, processes, and systems in the aftermath of failure. 

Data centers

Customer center is hosted in the United States, in AWS’s us-east-1 region in multiple availability zones (a through f). For more information on AWS data center capabilities and compliance, refer to AWS’s Data Center information page.

Infrastructure & network security

Clari continuously monitors its infrastructure and network security via a 24/7/365 Security Operations Center (SOC). Our infrastructure is scanned continuously for security vulnerabilities, and findings of medium and above severity are prioritized and addressed.

Network controls

Clari maintains all production systems in a dedicated Virtual Private Cloud (VPC) within AWS. Production data never leaves the dedicated VPC, and communication and access to it is restricted by firewalls and access control mechanisms. Intrusion Detection Systems (IDS) monitor and alert our 24/7/365 Security Operations Center (SOC) whenever unusual behavior or traffic is detected.

Vulnerability and patch management

Systems are scanned regularly for common vulnerabilities. Servers are patched automatically on a regular schedule, with critical and high severity patches applied with the highest priority.

DDoS mitigation

Distributed Denial of Service mitigation is provided via AWS Shield.

Application security

We believe security must be “baked” into the product, processes and people. Software developers and engineers are required to go through annual training on secure coding and pass a rigorous exam. Static and dynamic security scans are built into the development and QA processes via automated tools that perform on-demand and ongoing code scans. Matches with security vulnerabilities or deviations from best practices generate automated alerts, and code is promptly corrected.

Third-party penetration testing

Clari partners with external penetration testing vendors to conduct annual tests. Medium and higher severity findings are remediated, and reports are available upon request and under NDA.

Encryption at rest

All stored data, including session cookies, backups and other sensitive data, is encrypted at rest. Database fields storing credentials are also encrypted for additional security. Account passwords are salted and hashed using the latest strong algorithms and approaches, which are routinely audited. No humans, our staff included, can ever view your passwords.

Encryption in transit

All communication between customer systems and Clari is performed using high levels of encryption (TLS 1.2 / HTTPS). Our customers also have the option to add a secure IPsec tunnel.

Single Sign-On (SSO) and Multi-Factor Authentication (MFA)

Clari integrates with your SSO/MFA solution to provide a seamless login experience via SAML 2.0. This guarantees user authentication without the need to manage yet another account/password combination.

OAuth 2.0

Clari uses OAuth 2.0 to authorize access to CRM, email and calendar platforms securely and via vendor-established APIs. This gives our customers the assurance that Clari will only request authorization using Microsoft, Google, Salesforce and vendor-specific SSO APIs.

Role-based access control

Clari administrators can set user roles according to the principle of least privilege. Users only see what they need in order to perform their job.

Compliance & certifications

Our customers span a wide range of industries. Clari is committed to meeting and exceeding the compliance standards of those industries.

ISO/IEC 27001:2013

ISO/IEC 27001:2013 is an information security certification acknowledged and endorsed by the largest companies around the globe. Clari undergoes an annual audit with external vendors to ensure its products and processes follow the strictest norms.

HIPAA

Clari is compliant with the Health Insurance Portability and Accountability Act (HIPAA), which means our healthcare customers can rest assured, via a BAA, that Clari products will process information according to HHS regulations.

EU-US & Swiss-US Privacy Shield

Clari holds a Privacy Shield certification established by the U.S. Department of Commerce regarding the transfer of personal data from the EEA and/or Switzerland to the U.S.

CSA STAR Level 1

Clari is a member of the Cloud Security Alliance (CSA), the world's leading independent organization for defining best practices for cloud service providers. Clari's Consensus Assessments Initiative Questionnaire v3.0.1 is available for download.

CloudTrust Program

Clari cloud services fully satisfy the most stringent requirements for data protection, identity verification, service security, business practices, and legal protection. McAfee’s CloudTrust™ Program helps you lower risk and streamline the evaluation process by providing an objective and comprehensive evaluation of a service’s security controls and enterprise readiness based on a detailed set of criteria developed in conjunction with the Cloud Security Alliance (CSA).

GDPR

Clari has partnered with external auditors and has been compliant with the General Data Protection Regulation (GDPR) since its inception in May 2018. For detailed information, please refer to the Clari GDPR page and the Clari Subprocessor FAQs.

Corporate security

In addition to developers receiving secure coding training, all employees participate in annual general security and data privacy training.

Information security policies & procedures

Clari uses the ISO 27001 framework as the foundation for its policies and procedures. All employees acknowledge their responsibilities in protecting customer data as a condition of employment.

Offices

Clari offices are secured by keycard access, and we make sure there is 24/7/365 monitoring via video cameras and alarms. Although our products have no dependencies on our company’s offices or facilities other than AWS data centers, our office has redundant UPS, network devices and firewalls.

Endpoint devices

Employee laptops are secured with hard drive encryption, antivirus and advanced malware detection with central management and control.

All devices are managed via a central, cloud-based Mobile Data Management (MDM) system.

Background checks

All new hires undergo a background check prior to starting their careers at Clari.

Business continuity

Clari was built within the cloud, and our employees operate regularly from different locations globally with little to no dependency on office resources.
