Committed to Security

    Keeping Your Content Safe

    SpringCM routinely passes the most demanding third-party security audits, including SSAE 16 and SOC 2. We know how important it is to keep your business contracts and documents away from prying eyes, backed up, and available when you need them. SpringCM keeps IT and security teams happy, and confidential information safe.

    SpringCM Datacenters

    Our physical datacenters are located across the country and secured to extremely high standards. The co-location providers we partner with all provide Tier III capabilities, with physical and environmental safeguards sophisticated enough to host banking, healthcare, commercial and government data. Our multiple layers of facility and network redundancy help us meet our two central objectives:

    • Get data written correctly to our storage systems
    • Ensure data is reliably available only when you want it to be

    Two-Phase Data Backup Policy

    SpringCM’s two-phase backup policy consists of nightly and weekly backups 24x7x365. Each night’s backup is incremental; only data that has changed since the last backup is written to digital media.

    Disaster Recovery

    In addition to regular backups, SpringCM has many plans in place for any disaster or contingency. Key measures include:

    • Redundant hardware stack
    • Full data-at-rest encryption
    • 24-hour maximum recovery time objective
    • Off-site datacenter equipment located in a standby facility
    • Near real-time, disk-to-disk model of data replication

    Application Security

    Beyond the physical security measures in place at our datacenters, the SpringCM application itself has many features that keep your data safe. Whether it’s the ability to tailor access and editing controls of documents and folders by individual, group and device, or a combination of enterprise-class external DNS services, content delivery networks and certificate providers - you can be confident your data is protected. Rest assured your data is protected from DDoS, DNSSEC, brute force and root certificate provider threats as it travels back and forth from SpringCM.

    Core Application and Infrastructure Security Measures

    • Thawte and Verizon Enterprise encryption via Secure Sockets Layer (SSL)
    • 256-bit AES encryption of data at rest
    • Folder and document-level access restrictions for specific users or groups
    • Secure software development lifecycle through the use of threat modeling and risk assessment
    • SSAE 16 Type II
    • SOC 2 - Security, Availability, Processing Integrity, Confidentiality and Privacy principles audit
    • Routine scans cover entire SpringCM Cloud Platform for OWASP Top Risks and malware
    • Hardening standards adhere to Security Content Automation Protocol (SCAP) security benchmarks

    Document Management Security Controls

    • Adheres to Cloud Security Alliance’s Cloud Control Matrix
    • TRUSTe Certification
    • NIST 800-53 Rev 4 and ISO 27002 controls
    • Security architecture and management by Certified Information Systems Security Professionals
    • Strict audit schedule
    • Audit trails throughout

    Mobile Security

    SpringCM Mobile features PIN-protection and content encryption on smartphones and tablets. SpringCM Sync allows you to control exactly what content is synced to mobile devices, as well as laptops and desktops. In addition, should it become necessary, SpringCM Sync gives you the ability to selectively wipe specific content.

    Our People

    Our security measures extend to every facet of the company, including our people. All SpringCM employees and contractors with access to critical systems complete a successful third-party background check and execute confidentiality agreements before they start. Employees are also required to fully understand SpringCM’s:

    • Security Policies
    • Code of Ethics
    • Data Classification Policy
    • Incident Response Policy
    • Remote Access and VPN Policy

    See SpringCM in Action

    Request a custom demo to see how SpringCM can accelerate your business.