Security and Privacy

1. Introduction

At Cembla, we value our customers’ trust, and the security of their data is our utmost priority. We are committed to providing a secure environment for all our operations, whether it's data processing, software development, or machine learning services. This security policy outlines our guiding principles, responsibilities, and the mechanisms we use to protect information and services.

2. Policy Scope

This security policy applies to all Cembla employees, contractors, partners, and any entities that interact with our systems or handle our data. This policy encompasses all systems, networks, devices, data, communication, and applications owned or managed by Cembla.

3. Roles and Responsibilities

Everyone at Cembla has a part in maintaining security.

  • Employees & Contractors: They are expected to adhere to all the security policies, protocols, and procedures in place. They must immediately report any security incidents or suspected incidents.
  • Management: Management is committed to providing the resources necessary to establish a secure environment, including adequate staffing, tools, and training.

4. Information Classification and Handling

All data handled by Cembla is classified into one of the following categories: public, internal, confidential, or highly sensitive. Each category requires different handling measures, with the most stringent controls applied to the most sensitive data.

5. Physical and Environmental Security

Physical access to our premises and data centers is strictly controlled. Only authorized personnel are allowed access. Monitoring systems and controls are in place to prevent unauthorized access and to ensure environmental conditions are optimal for our equipment.

6. Access Control

Access to our systems is strictly managed and based on the principle of least privilege. Two-factor authentication is mandatory for all users.

7. Network Security

Our network is protected by advanced security technologies such as intrusion detection systems (IDS), firewalls, and secure gateways. All traffic is inspected and filtered for potential threats.

8. Application Security

We follow secure coding practices to develop our software. All our applications undergo rigorous testing and vulnerability assessments before being deployed. Regular updates and patches are applied to keep them secure.

9. Incident Management

In case of a security incident, our team is ready to identify, respond to, and recover from it. After each incident, we conduct a thorough investigation to prevent future occurrences.

10. Business Continuity and Disaster Recovery

We have a robust business continuity plan (BCP) and disaster recovery plan (DRP) to ensure our operations can continue in case of a significant disruption. Regular backups of critical data are performed, and we have the capacity to quickly restore our services.

11. Compliance

Cembla complies with all relevant regulations and standards and is currently undergoing the SOC 2 compliance process. Regular audits are conducted to ensure compliance.

12. Policy Review and Updates

This security policy is reviewed and updated annually, or more frequently if significant changes occur in our operations or the threat landscape.

13. Contact Information

For any inquiries or security concerns, please contact our security team at contact@cembla.com.

14. Enforcement

Failure to comply with this security policy can lead to disciplinary action up to and including termination of employment or contracts.

This policy is effective as of July 8, 2023.

Cembla reserves the right to modify or update this policy at any time. Changes will be posted on this page, and your continued use of our services after such changes have been posted will constitute your acceptance of the changes.