Overview
Security
Data & Compliance, Long text, Long text
Transparency
Discover more
Customer Success Stories

Results matter. Explore the compelling strategic and operational gains our customers have made using Centric PLM.

Events

Industry focused. Solution specific. Join our team and customers for Centric PLM use cases, thought leadership, personal insights and more.

Superdry Uses Centric PLM To Build a Strong Foundation for Growth

CASE STUDY

Test tentree Plants their Digital Foundation to Achieve Success with Centric PLM

CASE STUDY

Guess Emerges Out of the Pandemic Stronger with Centric Planning

Case study
View all References
Digital Event

ERP vs. PLM: Where to Start and Why

Whitepaper

Creating a Business Case for PLM

Webinar Replay

PLM4ALL: Life Without Spreadsheets

California

655 Campbell Technology Parkway,
Suite 200
Campbell, CA 95008 USA

Phone: +1 408 574 7802
Fax: 1 408 377 3002

E-mail
Request a Demo

Centric Software Security & Compliance

Your data is safe with us.

Data security by design.

Trusted by the world’s leading organizations.

With our roots in Silicon Valley, we know how important it is for organizations to trust their software partners. This means that protecting your data and meeting your compliance requirements is our number one priority. As a result, our web applications are developed through a security by design methodology.

With a team of focused security professionals, a robust and secure hosting environment and following ISO 27001 standards, we are confident our solutions are stable, reliable and compliant. In fact, we stake our reputation on it.

Browse success stories from our customers

17,500+ iconic brands in more than 40 countries

Leading-edge Security

From managing external suppliers such as hosting partners, through to following development best practices and deploying teams focused on security, our approach is designed to align with security frameworks and exceed internationally recognized standards.

    • Physical Security
    • Access Control
    • Security Personnel
    • Vulnerability Management
    • Encryption
    • Development
    Physical Security @2x

    Physical Security

    Centric Software information systems and technical infrastructure are hosted within world-class, industry certified data centers. Physical security controls at these data centers include 24×7 monitoring, cameras, visitor logs, entry limitations, and all that you would expect at a high-security data processing facility.

    More information about our cloud service providers can be found:

    Amazon Web Services | Microsoft Azure | Google Cloud Platform | Centric Data Center

    Access Control @2x

    Access Control

    Centric Software has in place policies, procedures, and logical controls that are designed to limit access to its information systems and the facility or facilities in which they are housed to properly authorized persons;

    We ensure that:

    1. Only those Centric Software personnel with an actual need-to-know will have access to any Customer Data;
    2. Controls to ensure that all Centric Software personnel who are granted access to any Customer Data are based on least-privilege principles;
    3. Strong authentication controls are made available to Centric Software customers, so that they can configure the service to comply with industry standards addressing locking out, uniqueness, reset, expiration, termination after a period of inactivity, password reuse limitations, length, expiration, and the number of invalid login requests before locking out a user;
    4. Periodic (no less than quarterly) access reviews to ensure that only those Centric Software personnel with access to Customer Data still require it.

    Security Personnel @2x

    Personnel

    Centric Software conducts background screening at the time of hire (to the extent permitted or facilitated by applicable laws). In addition, Centric Software communicates its information security policies to all personnel (who must acknowledge this) and requires new employees to sign non-disclosure agreements and provides ongoing privacy and security training.

    Dedicated Security Personnel

    Centric Software has a dedicated Data Privacy & Security team, which focuses on application, cloud, network, and system security. This team is responsible for maintaining Information Security Management System (ISMS) to meet internal security policies and standards.

    Vulnerability Management @2x

    Vulnerability Management and
    Penetration Tests

    Centric Software maintains a documented vulnerability management program which includes periodic scans, identification, and remediation of security vulnerabilities on servers, workstations, network equipment, and applications. All networks, including test and production environments, are regularly scanned using trusted third party vendors. Critical patches are applied to servers on a priority basis and as appropriate for all other patches.

    We also conduct regular internal and external penetration tests and remediate according to severity.

    Report potential vulnerabilities

    Centric 3D Connect

    Encryption

    Encryption in Transit: Centric Software uses secure encryption methods for communications between all systems and services.

    Encryption at Rest: Centric Software ensures all data at rest is protected using industry standard encryption algorithms and strength.

    Encryption of Backups: All backups are encrypted by default.

    Develpoment @2x

    Development

    Our development team employs secure coding techniques and best practices, focused around the OWASP Top Ten. Developers are formally trained in secure web application development practices upon hire and annually.

    Development, testing, and production environments are separated. All changes are peer reviewed and logged for performance, audit, and forensic purposes prior to deployment into the production environment.

    Data security and compliance

    Centric Software has implemented governance, risk management, and compliance practices that align with recognized information security frameworks.

    SOC2 Type 2

    Centric Software has been assessed using the criteria set forth in paragraph 1.26 of the American Institute of Certified Public Accountants (AICPA) Guide Reporting on Controls at a Service Organization Relevant to the suitability of the design and operating effectiveness for the security, availability, and confidentiality principles.

    Contact us

    SOC3 Type 2

    Centric Software has been assessed using the criteria set forth in paragraph 1.26 of the American Institute of Certified Public Accountants (AICPA) Guide Reporting on Controls at a Service Organization Relevant to the suitability of the design and operating effectiveness for the security, availability, and confidentiality principles.

    Download SOC 3 Report

    GDPR

    The General Data Protection Regulation (GDPR) introduced rules for organizations that offer goods and services to people in the European Union (EU), or that collect and process personal information relating to EU citizens, no matter where such organisation is located. Centric Software is committed to protecting personal information.

    Read more

    ISO/IEC 27001:2013

    Centric Software's certification for ISO/IEC 27001:2013, ISO 27017:2015, and ISO 27018:2019 was issued by A-LIGN, an independent and accredited certification body, on successful completion of a formal audit process.

    Download ISO Certificate

    ISO/IEC 27017:2015

    ISO/IEC 27017:2015 provides guidance on the information security aspects of cloud computing, recommending the implementation of cloud-specific information security controls that supplement the guidance of the ISO/IEC 27002 and ISO/IEC 27001 standards.

    Download ISO Certificate

    ISO/IEC 27018:2019

    ISO/IEC 27018:2019 is a code of practice that focuses on protection of personal data in the cloud. It is based on ISO/IEC information security standard 27002 and provides implementation guidance on ISO/IEC 27002 controls applicable to public cloud Personally Identifiable Information (PII).

    Download ISO Certificate

    Protecting data at every stage.

    Trust is built on openness. So being accountable and clear about the processes we have in place to protect the security, integrity and compliance of our systems and your data is fundamentally important to us. In this section, you can find out more about the various policies we follow and the security measures we take to secure our platform and your data.

    Security Policies

    Centric Software maintains and regularly reviews and updates its information security policies, at least on an annual basis. Employees must acknowledge policies and undergo periodic training pertaining to job function. Training is designed to adhere to all specifications and regulations applicable to Centric Software.

    Asset Management

    Centric Software maintains an asset management policy which includes identification, classification, retention, and disposal of information and assets. Company-issued devices are equipped with full hard disk encryption, up-to-date antivirus software, end point intrusion prevention and detections systems. Only company-issued devices are permitted to access corporate and production networks.

    Incident Management

    Centric Software maintains a security incident response process that covers the initial response, investigation, notification to customers and/or individuals (as may be required), public communication, and remediation. This process is reviewed regularly and tested bi-annually.

    Breach Notification

    Despite best efforts, no method of transmission over the internet and no method of electronic storage is perfectly secure. We cannot guarantee absolute security. However, if Centric Software learns of an actual security breach, we will notify affected users as required by law or otherwise so that they can take appropriate protective steps. Our breach notification procedures are consistent with our obligations under applicable country level, state and federal laws and regulations.

    Business Continuity Management

    Backups are encrypted and stored at a secondary environment to preserve their confidentiality and integrity. Centric Software employs a backup strategy to ensure minimum downtime and data loss to meet recovery time objective (RTO) and recovery point objective (RPO). The Business Continuity Plan (BCP) is tested and updated on a regular basis to ensure its effectiveness in the event of a disaster.

    Logging and Monitoring

    Application and infrastructure systems log information to a centrally managed log repository for troubleshooting, security reviews, and analysis by authorized Centric Software personnel. Logs are preserved in accordance with regulatory requirements.

    Application Secure Release Criteria

    Centric Software has also introduced a secure release criteria for all software releases which includes:

    • Dependency checks for any code libraries for publicly disclosed vulnerabilities and unsupported versions.
    • Static Application Security Testing (SAST) where testers have access to the underlying framework, design and implementation. Application is tested inside out.
    • Dynamic Application Security Testing (DAST) where tester has no knowledge of the technologies or frameworks that the application is built on. Application is tested outside in.
    • Peer code reviews conducted by senior members of the dev team to ensure internal standards are met.
    • External Penetration Testing to ensure no critical, high or medium vulnerabilities exist in the application or the platform it’s hosted on.
    • Regulatory compliance checks to meet applicable standards and ensure adherence to data privacy and protection laws.

    Frequently asked questions

    Can I get more information regarding security and compliance?

    If you have further questions regarding security and compliance, please use the forms on our Contact Us page to get in touch. For any legal enquiries, please contact legal@centricsoftware.com 

    How do I report potential vulnerabilities?

    Existing Centric Software customers are expected to use the support portal to report any issues for any product or service. Security researchers willing to share suspected vulnerabilities privately may contact us directly through the Centric Software Vulnerability Reporting page. To bring value to your report and assist our teams in evaluating the suspected vulnerabilities, each report would ideally include a detailed description, perceived risk, the targeted scope, and its level, POC and any supporting materials.

    Popular resources

    This site is registered on wpml.org as a development site. Switch to a production site key to remove this banner.