Why CIOs Trust Cayuse the Most
Cayuse’s commitment to security, availability, and privacy
Billions of dollars’ worth of research is managed through Cayuse. That’s why we’ve taken a no-compromise approach to security, availability, and privacy. Cayuse combines industry-leading cloud technology, a highly trained and experienced staff, adherence to strict industry standards, and the flexibility to meet a variety of customer requirements. The following is a brief overview of our systems and policies that meet the industry’s gold standards. To see the first 10 pages of the 50+ page audit report, click here. We’re happy to share more when your team desires.
Secure Cloud Infrastructure
Cayuse’s 24/7 SaaS engineering infrastructure is installed in the appropriate global region of Amazon Web Services (AWS) cloud infrastructure with the highest level of security-controlled and monitored physical access, redundant high-speed networking, and enterprise-class operational safeguards.
Amazon facilities are audited to SSAE 16, SOC 2, PCIA standards, as well as many other standards. They are ISO 27001 certified, and they comply with HIPAA requirements. Each AWS region has multiple layers of physical and virtual security and is not accessible by any customer.
Unrivaled Security Services
Security is at the forefront of Cayuse’s technology planning. We follow industry best practices for configuration management, login authorization processes, centralized authentication and logging, monitoring and alerting to on-call personnel, as well as secure host access and administration.
We use various levels of firewalls on our corporate network as well as AWS security infrastructure to ensure access only to authorized services and people.
Additional security services we provide:
We have fully documented and successfully been audited for an extensive set of processes that ensure best-in-class availability.
All servers are monitored at all times for processes, load, performance, services, users, network I/O, CPU/memory, and more. We use an external monitoring service to monitor external availability of all of our customer applications from multiple locations throughout the U.S.
All databases and file attachments are backed up nightly, and snapshots are taken every 30 minutes of all database servers to allow for prompt, point-in-time recovery of systems and services. We also have documented policies and processes for recovering backup data in the event of a catastrophic incident at an AWS region.
We also have environmental protections with controls in place for incidents like electrical systems, fire detection, climate control, and water leakage to ensure we’re the most highly available platform on the market.
We believe success is built on trust, and that starts with transparency. We’re the only vendor with an open status page that provides realtime incident reports and 90-day historical metrics on product availability and performance.
Confidential & Encrypted Data Transmissions
Data transmissions between Cayuse and our customers are encrypted in accordance with the Advanced Encryption Standard (AES).
Before we share any information, we obtain formal authorizations based on confidentiality commitments and requirements applicable to all related parties and vendors.
More About SOC Certification
Service Organization and Controls (SOC) reports provide an industry-wide acknowledgment that a company adheres to trust service principles.
These principles and controls are set by the American Institute of Certified Public Accountants (AICPA). SOC reports deliver valuable information that can be used to assess the quality of security provided by vendors.