Security-by-design is our approach at Clarilis

Enterprise security, cloud flexibility

• Clarilis is ISO27001:2013 certified by BSI across the entire company (Certificate Number - IS 677941).
• All requests are logged and verified, including IP addresses.
• User level authority checks are performed to restrict access to particular document suites and drafts.

Encrypted communication

• Clarilis’ servers are hosted behind a secure firewall. All access is via encrypted communication.
• Secure HTTPS, user authorisation checks, and user authentication checks are standard security features.
• Protected links are time-limited and encrypted to 256bit AES.

Secure server environment

• There are separate environments for development, testing, and production.
• All data is stored on encrypted file systems and backed up daily (minimum).
• The platform is horizontally scalable and active resource monitoring enables agile deployments.
• If there is an increase in use, the platform can quickly scale to meet demand.

Controlled user access

• Access can be locked down to a defined list of IP addresses.
• Access is gained through a SAML2.0 compatible single sign-on (SSO) system, maintaining your security policy requirements.
• Any changes in access level require authentication by key stakeholders.

Human resource security

• All Clarilis staff are subject to a criminal record check (DBS), eligibility check, and reference validation pre-employment.
• Clarilis employees only have access to services/assets that are required to carry out daily duties. All access is recorded and auditable.
• No development of the system is outsourced.

Bespoke options

A number of additional security elements can be enabled on request:

• IP lockdown (only permitting access from particular IP addresses).
• Access via username and password where SSO is not used - configurable user lockout after login failure (CAPTCHA, failure count, unlock timeout, authorisation email).
• M-PIN (Certivox) integration.