Security & Compliance

SOC 2 Compliance

We are SOC 2 Type II certified, affirming our commitment to data security and privacy.

AWS Qualification

Cloudchipr is qualified by Amazon Web Services (AWS). This ensures that Cloudchipr complies with all best practices suggested by AWS in accessing, storing, encrypting, and transporting data.

Cloud Access

Cloudchipr does not use Access Key or Secret Key authentication. Connections with customer accounts are mainly done through Role Based Access Control (RBAC).

Data Collection and Privacy

Cloudchipr does not gather or access any data on cloud storage or compute machines. It solely collects resource usage metrics and identifiers from the Cloud APIs.

Security Measures

Cloudchipr, as a data processor, maintains a robust set of security measures to safeguard the confidentiality, integrity, and availability of the data it processes. Key security measures include:

Information Security Policy: Cloudchipr has established and maintains an Information Security Policy that is communicated to all relevant parties and is reviewed and updated regularly.

Risk Assessment and Treatment: Regular risk assessments are conducted to identify and assess information security risks. Risk treatment plans are developed and implemented to address identified risks.

Vendor Risk Management: Cloudchipr employs a robust vendor risk management process. This includes conducting assessments of vendors' security practices, contractual agreements outlining security requirements, and periodic audits to ensure ongoing compliance.

Data Encryption: Cloudchipr employs encryption protocols to secure data both in transit and at rest. This ensures that sensitive information remains confidential.

Access Controls: Strict access controls are implemented, and the least privileged system access is based on roles and responsibilities. Multi-factor authentication is enforced to enhance user verification.

Regular Security Audits: Cloudchipr conducts regular security audits and assessments to identify and address potential vulnerabilities. This proactive approach helps in maintaining a secure environment.

Incident Response Plan: In the event of a security incident, Cloudchipr has a well-defined incident response plan in place. This includes immediate actions to contain the incident, thorough investigation, and communication protocols.

Workstation Protection: Cloudchipr implements robust measures to protect end-user workstations against unauthorized access, malware, and other security threats.

Background Checks: Cloudchipr conducts thorough background checks as part of our personnel security practices. Background checks are performed on individuals with access to sensitive information or critical systems, ensuring that only individuals with a verified and trustworthy background are granted such access.

Employee Training: Employees undergo regular security awareness training to ensure they are well-informed about security policies and best practices.

Physical Security: Data centers and infrastructure facilities are protected by industry-recognized physical security measures to prevent unauthorized access.

Physical Security Acknowledgment: For physical security, it is acknowledged that AWS, our infrastructure provider, is responsible for maintaining the physical security of their data centers. AWS employs robust measures, including access controls, surveillance, and environmental controls, to safeguard the physical infrastructure.