Chrome River understands that the confidentiality, integrity, and availability of our customers' information are vital to their business operations and our own success. We use a multi-layered approach to protect that key information, constantly monitoring and improving our applications, systems, and processes to meet the growing demands and challenges of a market-leading SaaS application.
Industry Standard Security
State-of-the-Art Technology: Your data is transferred over high-grade TLS and protected at rest with multi-layered AES-256 encryption. Encryption keys are stored separately from the data, and it's all hosted in our secure cloud infrastructure.
Data Center Security: Our server hosting locations are physically secured, staffed 24/7/365 by trained security personnel who have undergone a thorough vetting process.
Two-Factor Authentication: Access to sensitive data requires two-factor authentication and is restricted only to authorized personnel performing specific tasks for the client (e.g. customer service).
Data in Transit: Communications between you and Chrome River servers are encrypted via industry best-practice HTTPS and Transport Layer Security (TLS).
Data at Rest: All databases and archival data are fully encrypted utilizing advanced key-management and key-rotation systems.
Event Monitoring: Chrome River employs advanced threat intelligence tools to evaluate all network events and create alerts based on up-to-the-minute signatures.
3rd Party Testing: Our site and API undergo independent, regular penetration testing, security scans, threat detection and greybox assessments.
Real-time Audit Log: We also keep a real-time audit log of all data access and changes made by administrators, customers, employees and our automated system.
High Availability Infrastructure
Redundancy: Our system spans numerous physical locations, with N+1 or greater redundancy to establish resilience for all components. This translates into an industry-leading 99.9+ percent system availability for customers.
Recoverability: Data is replicated to multiple data centers to assure its recoverability in the event of an outage. We fully test our backup systems on a systematic basis to assure that they are functional.
Dedicated Security Team: Our Security team is on call 24/7 to respond to security alerts and events.
Protection: Our network is protected by redundant firewalls, best-in-class router technology, secure HTTPS transport over public networks, regular audits, and network intrusion detection/prevention technologies (IDS/IPS) that monitor and block malicious traffic and network attacks.
Architecture: Our network security architecture consists of multiple security zones of trust. Systems are housed in zones commensurate with their sensitivity, depending on function, information classification, and risk.
Testing: Chrome River uses advanced code testing tools to assure that our code meets OWASP standards.
Single Sign-on: Single sign-on (SSO) allows you to authenticate users in your own systems without requiring them to enter additional login credentials for Chrome River. Chrome River only grants access to users that have been authenticated by you. Both Active Directory Federation Services (ADFS) and Security Assertion Markup Language (SAML) are supported.
IP Restrictions: Your Chrome River account can be configured to only allow access from specific IP address ranges you define.
Access Privileges and Roles: Access to data within your Chrome River account is governed by access rights and can be configured to define granular access privileges.
SOC 2 Type II: We undergo annual SSAE16 SOC1 and SOC 2 Type II audits. These reports are available upon request and under NDA. For more information, contact firstname.lastname@example.org.
ISO 27001: Chrome River is ISO/IEC 27001:2013 certified.
PCI-DSS: Chrome River undergoes an annual audit by an independent Qualified Security Assessor (QSA) who attests to our PCI-DSS compliance.
I am a big fan of Chrome River. I am totally on board with this product – great decision.