Security and Compliance at CM.com

trust center hero medium

Reliability in all aspects at CM.com

Providing an online infrastructure for communication and payments comes with great responsibility. Therefore, ensuring the availability, integrity and confidentiality of our platform is CM.com's top priority.

We work for some of the world’s largest enterprises. In many cases, their communication flow is business critical. As a key supplier in an industry that is rapidly evolving, CM.com is always looking to combine flexibility without compromising on security, availability or compliance.

Jan Saan, CTO CM.com Groep:“Our goal is to be as flexible and fast as possible in terms of delivering services to our customers, while maintaining the highest standards in security and compliance.”

ISO 9001, 14001, 20000-1, 27001 certified

Our compliance with Quality Management (ISO 9001), Environmental Management (ISO 14001), Information Technology Service Management (ISO/IEC 20000-1) and Information Security Management (ISO/IEC 27001) is confirmed by internationally recognised certificates.

ISO9001
ISO14001
ISO20000-1
ISO27001

GDPR

On May 25th 2018, the General Data Protection Regulation (GDPR) came into effect, replacing current privacy regulations. As of 25 May 2018, all companies handling personal data will need to adhere to the regulation and be able to demonstrate their compliance to the GDPR.

As a responsible processor and a responsible controller, CM.com has embraced the principles that lie at the base of the GDPR. Moreover, we regularly revisit them to assure our compliance. We have all necessary tools in place to conform to the principle of accountability. Some examples are: Privacy by design, a data controller register, data processor registers, and our specific Data Privacy Impact Assessment (DPIA). We follow data privacy principles in the development of all our services.

In addition, we have set up a GDPR compliance roadmap and took corrective actions where necessary. We updated our terms and conditions in April 2018 to comply with the upcoming GDPR and the processing of personal information by CM.com. In updating our terms and conditions, processes and services, CM.com ensures that we provide you with a service that is compliant, and takes into account the latest regulations, techniques and functionalities in mobile messaging, voice, payments and digital identification.

POPIA

With the Protection of Personal Information Act (POPIA) compliance grace period ending on 30 June 2021, CM.com has been working with leading law firm Webber Wentzel to understand what is required to achieve POPIA compliance.

As our platform stores and integrates customer data, it is critical that CM.com, and other companies like it, comply with the act when it comes to processing and protecting personal information.

CM.com has partnered with Webber Wentzel, who has provided guidance on the best practices and procedures necessary for alignment with the requirements of POPIA. James Bayhack, Director for Sub-Saharan Africa at CM.com, explained what this means for customers, “With the work that the teams have put in to ensure compliance, CM.com customers can have peace of mind that important information is managed correctly, and that the platform’s features and functionality will help them stay on the right side of the law.”

Security at CM.com

In order to meet this goal, CM.com takes several measures to ensure security is in place:

We’re in control

With staff on-site 24/7, our analysts are continuously monitoring security, performance and connections to suppliers and customers from our Network Operations Center (NOC). This team is equipped to handle any incident effectively and efficiently.

All CM.com services are hosted on privately owned and operated environments. CM.com has full control over all data, including its transport, encryption and accessibility. There are no public cloud services involved in the creation and delivery of our services. The usage of cloud services provided by third parties in the office environment is regulated by a specific cloud policy. This means only use of services contracted and approved by CM.com are allowed.

Standardise

CM.com’s cloud is built upon standardised hardware and appliances. Blueprints are available per vendor and model, each containing CM.com’s default configuration and required steps for initialisation and installation. Blueprints used by CM.com are standardised, based on input from organisations such as CIS and NIST.

CM.com clearly distinguishes core processing components and services that are built on top of these components. Standardising and securing these core components and ensuring availability and security of our clients’ data is our first priority. The scopes of all ISO certificates (ISO 27001, 9001, 14001 and ISO 20000) are currently for the Messaging and Voice platform. CM.com is actively broadening the scope of these certifications to more products and processes.

Validate and improve

CM.com combines the results of real-time monitoring by our NOC, scheduled testing by our internal auditing department and external testing by renowned third parties to improve our infrastructure, coding practices, overall security and the effectivity of our monitoring processes.

CM.com has an extensive integrated management system in place. This management system covers items such as information security, risk management, disaster recovery, business continuity, backups, privacy, quality management and our environmental impact.

Active, not reactive

CM.com actively follows relevant changes in legal and compliance requirements, with extensive focus on e.g. GDPR regulations. CM.com monitors information security feeds published by various renowned institutes and firms such as NIST and the Open Web Application Security Project.

It’s a team effort

CM.com’s platform is built to meet the highest security requirements. Security is a high priority for every team within CM.com. Clear security guidelines are available and all staff members are briefed on their responsibilities to continuously contribute to the security of CM.com, its partners and its customers.

CM.com actively stimulates the exchange of security and secure coding related knowledge after gaining new insights based on (external) training, publications or recent events.

More Information?

The CM.com Trust Center is your one-stop-shop for security, compliance, privacy, legal, and risk management.

Visit the Trust Center
Is this region a better fit for you?
Go
close icon