CSM Platform Security
Cherwell uses industry-standard tools, processes, and testing by third-party vendors to ensure security hardening for CSM.
Cherwell performs application testing on a regular basis:
- Application code penetration testing.
- Application code testing and certification with Veracode. Review our certification status at https://www.veracode.com/verified/directory/cherwell.
Verification includes the following release gates:
- Assessment of all open source components.
- Released software does not include very high or high known vulnerabilities.
- Sixty-day remediation deadline for very high and high known vulnerabilities in the latest or next version of released software.
- Cherwell security champions ensure secure coding practices are used across the development life cycle.
- Open Web Application Security Project (OWASP) developer certification.
Cherwell also performs automated vulnerability management and testing of the environment. A third-party vendor performs scheduled penetration testing of all Cherwell hosted environments.
Documents explaining the security process, along with SOC2 and ISO 27001 certification verification, are available on request. Contact your account representative for assistance.