LEGAL / SECURITY STATEMENT
Security
Security at Catalyst Cloud is embedded across the company and an integral part of how Catalyst develops software. It is designed to cover all facets of security disciplines within the company from software development to SaaS operations to corporate information technology security.
Catalyst Cloud incorporates leading security technologies and modern open standards to provide users with the confidence that their data and analyses are secure. Additionally, Catalyst Cloud and its operating infrastructure provide security using a number of methods.
Secure Software Development Lifecycle
Catalyst Cloud’s development model incorporates regular static code analysis, threat modelling, third-party vulnerability scanning, and pen-testing into its software development process.
Vulnerability Management
For security-related incidents, Catalyst Cloud follows a Responsible Disclosure approach for any vulnerability that is rated High or Critical by our Software Security Office. This approach includes publishing Security Bulletins to our customer and partner portals, collaborating with the reporter of the vulnerability if applicable, creating software fixes as soon as possible, and/or providing mitigation until fixed.
Secure Operations
Catalyst Cloud proactively monitors production environments to identify and resolve any vulnerabilities that could compromise data security. Catalyst Cloud works with independent third parties who perform vulnerability assessments against the infrastructure, platform and applications that make up Catalyst Cloud’s product portfolio.
Certifications
Cyber Essentials Plus
Cyber Essentials Plus is a UK Government-backed and industry-supported scheme that helps businesses protect themselves against the growing threat of cyber attacks and provides a clear statement of the controls organisations should have in place to protect themselves.
It is the UK Government’s answer to a safer internet space for organisations of all sizes, across all sectors. Developed and operated by the National Cyber Security Centre (NCSC), Cyber Essentials is considered a benchmark step to a more secure network, protecting you from 80% of the most basic cyber security breaches.
Gaining Cyber Essentials certification also enables organisations to showcase their credentials as trustworthy and secure when it comes to cyber security.
Hosting
ISO 27001
Catalyst Cloud's hosting partner meets the standards of ISO 27001, an information management security specification for information security management systems (ISMS). An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organization's information risk management processes.
SOC 1
Catalyst Cloud's hosting partner has successfully completed a SOC 1 Type 2 assessment, which provides an evaluation of the suitability of the design and operating effectiveness of the hosting partner's internal controls, reporting on an Examination of Controls at a Service Organization Relevant to User Entities’ Internal Control Over Financial Reporting. SOC 1 is a rigorous examination by an independent accounting firm based on AICPA Trust Services Principles and Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy.
SOC 2
Catalyst Cloud's hosting partner has successfully completed a SOC 2 Type 2 assessment, which provides an evaluation of the suitability of the design and operating effectiveness of the hosting partner's internal controls. SOC 2 is a rigorous examination by an independent accounting firm based on AICPA Trust Services Principles and Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy.
SOC 3
Catalyst Cloud's hosting partner has successfully completed a SOC 3 assessment, which provides an evaluation of the suitability of the design and operating effectiveness of the hosting partner's internal controls. SOC 3 is a rigorous examination by an independent accounting firm based on AICPA Trust Services Principles and Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy.
Privacy
Data is one of your business’s most critical assets, which is why we treat it with the utmost care. Through security- and privacy-by-design development processes, Catalyst Cloud ensures our solutions align with the latest data protection and privacy laws around the world, such as GDPR.
Catalyst Cloud has an ongoing commitment to protecting the data of our customers, business partners and employees. We believe in communicating in an open, transparent manner about the ways in which your data is collected and used, and respecting customers’ choice and control over their data. Accordingly, we have developed a robust privacy program to ensure compliance with the evolving landscape of privacy and data protection laws and maintain the trust our customers have in our products and services.
Catalyst Cloud’s Privacy Team, led by our Data Protection Officer, in conjunction with our Information Security Team, administers and monitors the effectiveness of our privacy program. Our privacy program is supported by a cross-functional team of Data Privacy Champions, including representatives from Legal, IT, R&D, Product, Consulting, Sales, Marketing and Support. The privacy program is underpinned by comprehensive processes and controls, such as:
- Measures to ensure the lawful transfer of personal data between Catalyst Cloud group companies in different countries.
- Our record of data processing activities, as required under Article 30 GDPR.
- Catalyst Cloud is a processor of our customers’ personal data within Catalyst Cloud. Therefore, customers can confidently use personal data in their tenants with the knowledge that the Catalyst Cloud Data Processing Addendum provides the protections required by applicable law.
- Privacy-By-Design and Privacy-By-Default methodologies, e.g., in our vendor vetting and our R&D/product development processes.
- Data retention and access rules.
- Regular data privacy and security training.
- Your Data, Your Choice - You decide what content data (i.e., the data/applications) you upload into or create in our products. You can also correct and delete your content data whenever you need, to suit your business.
- Comprehensive data privacy policies and notices, including our information security policies.
Security of Your Data
Your content data is encrypted in Catalyst Cloud and we have multiple layers of security in place to protect it. Catalyst Cloud personnel do not have direct access to your data unless you otherwise invite us into your Catalyst Cloud tenant (e.g., to perform Consulting Services). Visit our Trust and Security page to learn more about the security controls we apply to protect your data and to view our security certifications and accreditations.