Security at Cin7
Cin7 takes data security seriously. We engage with market-leading partners to continue refining and maturing our processes and to provide customers multiple layers of data protection for the data they store in Cin7.
Control of data access
Each login that is provided to Cin7 users is unique and individual. We do not support shared logins, and our support staff do not use your tokens to access your data. All logins to your data in Cin7 are logged, and your staff’s access is limited to the security groupings you have defined. We provide a framework that allows you to build the granular levels of access required to give your users access to the modules they need. Where we provide access to Cin7 via connectors or external interfaces, including via application programming interfaces (APIs), access is delivered with secure credentials using revocable tokens. We secure your users’ logins using a password policy. For example, if a staff member repeatedly fails to log in, that account will be locked out and support will need to be contacted.
Encryption of your data
In the Cin7 platform, sensitive data is encrypted at rest using “Transparent Data Encryption” (TDE). We support end-to-end encryption for clients who wish to take advantage of this.
External regular audits
Cin7 refines and upgrades aspects of our security posture as part of our ongoing internal practices and in conjunction with external partners. For example, in addition to regular external security penetration tests, we also engage with an independent partner to deliver monthly independent vulnerability scanning.
Cin7 is hosted in Microsoft Azure. This enables us to take advantage of Microsoft’s 99.9% guaranteed availability to deliver high levels of redundancy and availability to our clients. We also have partnerships with Microsoft’s top-tier support, giving us access to additional engineering resources, often within minutes, to address any issue as it occurs. Finally, our systems have monitoring and management systems in place, and our core systems are staffed with certified engineers who are online and able to assist 24×7.
With recent issues around data privacy making international news, the EU has released a global standard of privacy compliance known as GDPR. Cin7 is a “Processor” for the purpose of the GDPR. Our statement around our GDPR compliance can be found here: https://www.cin7.com/gdpr/
Keeping your cloud environment safe
Working in the cloud can be a complex thing to do safely, so it is important that you have a competent internal computer support team. You are responsible for your working environment. Here are a few general tips that may assist in keeping your Cin7 experience more secure:
- Do not share login information. Encourage users to align their Cin7 password selection to your internal password policy. Contact Cin7 immediately if you believe your security has been compromised so we can proactively shut down user accounts for you.
- Only access Cin7 through a secure work computer. You do not know what is lurking on a computer that has not been issued to you by your business. While it is possible to access Cin7 on a shared computer at an internet café or airport, we strongly discourage this. Ensure that all access to the Cin7 platform is in line with your company’s internet usage policy.
- Ensure your antivirus software is up to date, as it is difficult to protect against new and unseen threats. Every machine that accesses the Cin7 platform should be secured with current antivirus software.
- Be aware of phishing attacks. Phishing attacks on the internet are commonly used to get users to expose private, financial or security information. Your internal team can provide more information about phishing along with company policy in regard to such attacks. If at any stage you feel that phishing is occurring in relation to the Cin7 platform, please forward the email to firstname.lastname@example.org so our security team can investigate it.
Please note that these tips are of a general nature and are not a substitute for your own security advice or practices. Cin7 does not accept any responsibility for your working environment, does not give any guarantees about these tips and, to the extent permitted by law, excludes any liability for any loss arising out of or in relation to these tips (including your reliance on them).
Live communication with you on the state of the platform
We provide live information on the status of our platform, including any outages or upgrades, at https://Status.Cin7.com. Feel free to circulate this address to your wider team to give them visibility of our platform’s status.