CMD+RVL Security Position
Company Overview
CMD+RVL transforms data ecosystems with metadata-first solutions, making data accessible and actionable. Integrating with existing systems, we drive data-inspired decisions, fostering employee empowerment and curiosity. Ideal for CTOs and CIOs facing data complexity, we boost productivity and ignite strategic conversations.
Our Data Discovery Platform allows our clients to extract value out of their data ecosystem by collecting, presenting, and harnessing metadata. The platform does not copy or store any client data. Our Data Discovery Platform offers the flexibility to be hosted in our AWS account or within our clients' AWS or Azure environments. In addition to our core software offering, we provide professional services tailored to building data pipelines to meet specific customer use cases. These services include the critical function of capturing and storing metadata within our platform to ensure seamless data management and utilization.
Current Security Position
We prioritize the security and integrity of our clients' data. Our current security measures include:
AWS Security Best Practices
We leverage AWS's robust security features to ensure the safety and integrity of data hosted within our environment. This includes using IAM roles and policies, VPCs, security groups, and encrypted storage.
Client Environment Security
For platforms hosted within client environments, we adhere to their security protocols and ensure compliance with their specific requirements.
Data Protection
We encrypt data and metadata in transit. We do not store any customer data in our platform.
Access Controls
We enforce strict access controls and authentication mechanisms to ensure that only authorized personnel have access to sensitive data and systems.
Future Security Plans
Recognizing the importance of building trust and ensuring the highest standards of security, we are committed to enhancing our security posture through the following initiatives:
SOC 2 Certification
Planned Timeline
We aim to initiate the SOC 2 audit process within the next twelve to twenty-four months.
Preparation and Readiness
We are in the process of formalizing our security policies and procedures to align with SOC 2 criteria. This includes documenting our processes, implementing necessary controls, and ensuring continuous monitoring and improvement of our security practices.
Engagement with Audit Firms
We plan to engage with reputable audit firms to conduct the SOC 2 audits, ensuring that our security practices are rigorously evaluated and validated.
Penetration Testing
Scheduled Penetration Test
We plan to conduct our first comprehensive penetration test within the next twelve to twenty-four months. This will be carried out by an independent, certified third-party security firm.
Ongoing Testing and Improvement
Following the initial penetration test, we will establish a regular schedule for periodic penetration testing to continuously assess and improve our security defenses. Findings from these tests will be promptly addressed to mitigate any identified vulnerabilities.
Conclusion
While we have implemented several key security measures, we understand the critical importance of continually enhancing our security posture. Our commitment to obtaining SOC 2 certification and conducting regular penetration testing reflects our dedication to protecting our clients' data and building trust through transparency and rigorous security practices. We are confident that these initiatives will significantly bolster our security framework and ensure that we meet the highest standards of data protection and compliance.
If you have any questions or require further details about our security measures and plans, please do not hesitate to contact us at drew@cmdrvl.com. We are committed to working closely with our clients to address any security concerns and ensure the safe and secure use of our platform.