Important information (for new customers and supplier reviews)

Introduction

 

We’ve put together a list of the key information usually requested during the sales and/or supplier review process. 

Below, you can find information regarding our Sales Contracts, Support and Maintenance, System Requirements as well as our Security and Compliance for both our SaaS and On-Premise deployments of Claromentis. 

1. Support and Maintenance Overview

The latest Support and Maintenance Overview is available at this link: Support and Maintenance Overview 

2. Contract 

Please find the latest versions of our contracts for you to download or view, below:

3. Data Processing 

We also invite you to sign the following Data Processing Agreement . Please request this by emailing data-protection@claromentis.com with the subject 'Data Processing Agreement - Request'. Please include:

  • Your company name
  • The name and email address of the person responsible for data protection at your company
  • The region where you wish your data to be stored (We currently offer EU, UK and US data centres). 

We'll then send out a document for this person to sign via SignNow

GDPR Compliance

Please refer both to our Privacy Policy on our website for information on our sub-processors and compliance with GDPR: https://www.claromentis.com/privacy/. Please also refer to the Data Processing Agreement linked above. 

Digital Services Act

We have reviewed with our legal consultants whether Claromentis is required to comply with the Digital Services Act and have concluded that we do not as our software is designed to be restricted to a finite number of users, which are granted access (through authentication) to the system and limited by a user license. We therefore believe that Claromentis would be similar to a private messaging service ( interpersonal communications between a “finite” number of people.)

4. Security

We have an article on our approach to Application and Infrastructure Security, available here: https://discover.claromentis.com/knowledgebase/articles/568

Please find information on our security certification below:

ISO 27001: Claromentis is an ISO 27001-certified company, you can find our latest certificate, available for download at the following link: Claromentis - ISO 27001 Certificate

In addition to this, we regularly review our suppliers to ensure that they meet the same security standards that we set internally. 

HIPAA: Claromentis is self-certified to HIPAA and HITECH standards, as is our hosting provider Google: https://cloud.google.com/security/compliance/hipaa-compliance

We can either provide our Business Associate Agreement for you to sign or we can review and sign your own organisation Business Associate   
 

SOC 2 (SSAE 18): Our hosting provider, Google (GCP), is regularly audited under SSAE 18 rules and we review the controls on a yearly basis. 

Claromentis is not yet compliant with SOC 2. We do however implement many of the controls required for SOC 2 compliance.

SOC 2 audit reports are only available directly to Google customers and under NDA, therefore we can’t share this. You can view a public report (SOC 3) from the Google Compliance Reports Manager, follow this link and search for ‘SOC 3’, check the box next to the SOC 3 report and click ‘download’ - Google Compliance Reports Manager
 

5. Security, Backups and Responsibilities (SaaS - for anyone using our Cloud-based deployment of Claromentis

If you choose to go with our SaaS platform, the majority of End User controls are covered by Claromentis. 

This includes, but is not limited to:

The controls that are the responsibility of the client’s intranet administrators:

  • Ensure secure password policies are enforced (either via the IDP admin panel or by enforcing this setting within the Claromentis software for local accounts)
  • Enable two-factor authentication for any account with access to sensitive data
  • Care must be taken to implement effective permissions based on roles and groups based permission

6. Security, Hosting Recommendations and Responsibilities (On Premise Customers Only

For On-Premise, there are additional hosting recommendations and responsibilities (including Backups) that you should be aware of, outlined in the following article: On Premise - Hosting recommendations and responsibilities

The controls that are the responsibility of the client’s intranet administrators:

  • Ensure secure password policies are enforced (either via the IDP admin panel or by enforcing this setting within the Claromentis software for local accounts)
  • Enable two-factor authentication for any account with access to sensitive data
  • Care must be taken to implement effective permissions based on roles and groups based permission

7. Intranet users management solutions

Claromentis provides a number of options which offer a wide range of solutions for SSO, user provisioning, user directory sync. We have put together a User management FAQ article which covers our offering.

8. Quality Assurance

Claromentis is committed to continually improving the quality of our Products and Services, we are certified to ISO 9001 standards. 

Our latest ISO 9001 certificate is available at the following link: ISO 9001 certificate.

Note: these are our standard documents for your review and should be accepted as is. Should you have questions or would like to see any changes please contact your sales agent prior to downloading these documents.




 

Created on 25 August 2022 by Will Emmerson. Last modified on 12 August 2024

Was this helpful?  

Share