Customer Security Policy
This Customer Security Policy defines the applicable security requirements that you must follow when accessing the CommunicatorBase network. The examples listed in this policy are not exhaustive. CommunicatorBase reserves the right to remove any content or restrict or terminate your use of the software and services for activities or content that, in CommunicatorBase's reasonable judgment, violates this policy or any agreement pursuant to which you use the services. CommunicatorBase may change this policy from time to time by posting the updated policy on its web site (http://www.CommunicatorBase.com and all related sites operated by or for CommunicatorBase). You are deemed to accept a change to this policy upon your use of the software and services following any such change. If you do not accept this policy, you may not access CommunicatorBase’s network or use any of the software and services.
- CommunicatorBase must be notified by Customer when Customer diverges or plans on diverging from “industry best practices” regarding CommunicatorBase technology;
- All connections or communications to CommunicatorBase must be made with a cryptographically secure mechanism, either in the protocol connection or by solution encryption and digital signatures;
- Exceptions need to be approved in writing by both CommunicatorBase and Customer's security representative for the following: (i) production data should not be used in non-production environments; (ii) digital certificates used to interact with CommunicatorBase must be from certificate authorities trusted in the industry;
- User identities and passwords used to connect to the CommunicatorBase environment must be kept strictly confidential;
- CommunicatorBase must be immediately notified in the event of a breach of security involving CommunicatorBase data;
- Service accounts used to provide system services must not be used by an individual to log into CommunicatorBase’s environment;
- Customer must put adequate procedures in place to ensure that access is removed for Users who are no longer authorized to access the CommunicatorBase network;
- Privileges given to Users of CommunicatorBase applications must be appropriate for their role/position;
- Users of the CommunicatorBase network must not enter false or malicious information into CommunicatorBase’s applications or network;
- Vulnerability and application testing must be scheduled and accepted by both CommunicatorBase and Customer in a separate agreement;
- Customer must verify the data integrity in Customer’s ERP and other systems, including verification that transactions have been entered completely, accurately, and on a timely basis, which includes reconciling Customer’s ERP and other systems with data and reports based on its use of the CommunicatorBase solution.
This Customer Security Policy was last updated on June 19, 2014.