Introduction
We’ve put together a list of the key information usually requested during the sales and/or supplier review process.
Below, you can find information regarding our Sales Contracts, Support and Maintenance, System Requirements as well as our Security and Compliance for both our SaaS and On-Premise deployments of Claromentis.
1. Support and Maintenance Overview
The latest Support and Maintenance Overview is available at this link: Support and Maintenance Overview
2. Contract
Please find the latest versions of our contracts for you to download or view, below:
- SaaS
- On-Premise (Perpetual License)
3. Data Processing
We also invite you to sign the following Data Processing Agreement . Please request this by emailing data-protection@claromentis.com with the subject 'Data Processing Agreement - Request'. Please include:
- Your company name
- The name and email address of the person responsible for data protection at your company
- The region where you wish your data to be stored (We currently offer EU, UK and US data centres).
We'll then send out a document for this person to sign via SignNow.
GDPR Compliance
Please refer both to our Privacy Policy on our website for information on our sub-processors and compliance with GDPR: https://www.claromentis.com/privacy/. Please also refer to the Data Processing Agreement linked above.
Digital Services Act
We have reviewed with our legal consultants whether Claromentis is required to comply with the Digital Services Act and have concluded that we do not as our software is designed to be restricted to a finite number of users, which are granted access (through authentication) to the system and limited by a user license. We therefore believe that Claromentis would be similar to a private messaging service ( interpersonal communications between a “finite” number of people.)
4. Security
We have an article on our approach to Application and Infrastructure Security, available here: https://discover.claromentis.com/knowledgebase/articles/568
Please find information on our security certification below:
ISO 27001: Claromentis is an ISO 27001-certified company, you can find our latest certificate, available for download at the following link: Claromentis - ISO 27001 Certificate
In addition to this, we regularly review our suppliers to ensure that they meet the same security standards that we set internally.
HIPAA: Claromentis is self-certified to HIPAA and HITECH standards, as is our hosting provider Google: https://cloud.google.com/security/compliance/hipaa-compliance
We can either provide our Business Associate Agreement for you to sign or we can review and sign your own organisation Business AssociateSOC 2 (SSAE 18): Our hosting provider, Google (GCP), is regularly audited under SSAE 18 rules and we review the controls on a yearly basis.
Claromentis is not yet compliant with SOC 2. We do however implement many of the controls required for SOC 2 compliance.
SOC 2 audit reports are only available directly to Google customers and under NDA, therefore we can’t share this. You can view a public report (SOC 3) from the Google Compliance Reports Manager, follow this link and search for ‘SOC 3’, check the box next to the SOC 3 report and click ‘download’ - Google Compliance Reports Manager
5. Security, Backups and Responsibilities (SaaS - for anyone using our Cloud-based deployment of Claromentis)
If you choose to go with our SaaS platform, the majority of End User controls are covered by Claromentis.
This includes, but is not limited to:
- Backups - we take daily backups, that are kept for 30 days and encrypted at Rest.
- Security - detailed information available here: https://discover.claromentis.com/knowledgebase/articles/568
- Logging and Monitoring
- Maintenance and Upgrades to the Application and Infrastructure
The controls that are the responsibility of the client’s intranet administrators:
- Ensure secure password policies are enforced (either via the IDP admin panel or by enforcing this setting within the Claromentis software for local accounts)
- Enable two-factor authentication for any account with access to sensitive data
- Care must be taken to implement effective permissions based on roles and groups based permission
6. Security, Hosting Recommendations and Responsibilities (On Premise Customers Only)
For On-Premise, there are additional hosting recommendations and responsibilities (including Backups) that you should be aware of, outlined in the following article: On Premise - Hosting recommendations and responsibilities
The controls that are the responsibility of the client’s intranet administrators:
- Ensure secure password policies are enforced (either via the IDP admin panel or by enforcing this setting within the Claromentis software for local accounts)
- Enable two-factor authentication for any account with access to sensitive data
- Care must be taken to implement effective permissions based on roles and groups based permission
7. Intranet users management solutions
Claromentis provides a number of options which offer a wide range of solutions for SSO, user provisioning, user directory sync. We have put together a User management FAQ article which covers our offering.
8. Quality Assurance
Claromentis is committed to continually improving the quality of our Products and Services, we are certified to ISO 9001 standards.
Our latest ISO 9001 certificate is available at the following link: ISO 9001 certificate.
Note: these are our standard documents for your review and should be accepted as is. Should you have questions or would like to see any changes please contact your sales agent prior to downloading these documents.