Why CIOs Trust Cayuse the Most

Cayuse’s commitment to security, availability, and privacy

AICPA SOC-2 badge

Billions of dollars worth of research is managed through Cayuse. That’s why we’ve taken a no-compromise approach to security, availability, and privacy. Cayuse combines industry-leading cloud technology, a highly trained and experienced staff, adherence to strict industry standards, and the flexibility to meet diverse customer requirements. The following is a brief overview of our systems and policies in place that meet the industry’s gold standards. To see the first 10 pages of the 50+ page audit report click here. We’re happy to share more when your team desires.

Secure Cloud Infrastructure

Cayuse’s 24/7 SaaS Engineering infrastructure is installed in the Amazon Web Services (AWS) cloud infrastructure with the highest level of security-controlled and monitored physical access, redundant high-speed networking, and enterprise-class operational safeguards.

Amazon facilities are audited to SSAE 16, SOC 2, PCIA standards, as well as many other standards. They are ISO 27001 certified, and they comply with HIPPA requirements. Each AWS region has multiple layers of physical and virtual security and is not accessible by any customer.

Powered by AWS

Unrivaled Security Services

Security is at the forefront of Cayuse’s technology planning. We follow industry best practices for configuration management, login authorization processes, centralized authentication and logging, monitoring and alerting to on-call personnel, as well as secure host access and administration.

We utilize various levels of firewalls on our corporate network as well as AWS security infrastructure to ensure access only to authorized services and people.

Additional security services we provide:

N
Access management
N
Detective controls
N
Infrastructure protection
N
Data protection
N
Incident response
N
Patch management
N
Vulnerability remediation
N
Malware management
N
Security monitoring

Best-in-class Availability

We have fully documented and successfully been audited for an extensive set of processes that ensure best-in-class availability.

All servers are monitored at all times for (including but not limited to): processes, load, performance, services, users, network I/O, and CPU/Memory. We use an external monitoring service to monitor external availability of all of our customer applications from multiple locations throughout the US.

All databases and file attachments are backed up nightly and snapshots are taken every 30 minutes of all database servers to allow for prompt, point-in-time recovery of systems and services. We also have documented policies and processes for recovering backup data in the event of a catastrophic incident at an AWS region.

We also have environmental protections with controls in place for incidents like electrical systems, fire detection, climate control, and water leakage to ensure we’re the most highly available platform on the market.

Cayuse status page

Uptime Transparency

We believe success is built on trust, and that starts with transparency. We’re the only vendor with an open status page that provides realtime incident reports and 90-day historical metrics on product availability and performance.

Confidential & Encrypted Data Transmissions

Data transmissions between Cayuse and our customers are encrypted in accordance with the Advanced Encryption Standard (AES).

Before any information is shared, formal authorizations are obtained based on confidentiality commitments and requirements applicable to all related parties and vendors.

AICPA logo

More About SOC Certification

Service Organization and Controls (SOC) reports provide an industry-wide acknowledgment that a company adheres to trust service principles.

These principles and controls are set by the American Institute of Certified Public Accountants (AICPA). SOC reports deliver valuable information that can be used to assess the quality of security provided by vendors.

See a Sample of Our SOC 2 Audit Report