CSM Core Platform Security
Cherwell uses industry-standard tools, processes, and testing by third-party vendors to ensure security hardening for CSM.
Cherwell performs application testing on a regular basis.
- Web application penetration testing.
- Application code testing and certification with Veracode. Review our certification status at https://www.veracode.com/verified/directory/cherwell.
Verification includes the following release gates:
- Assessment of all open source components.
- Released software does not include very high or high known vulnerabilities.
- Sixty-day remediation deadline for very high and high known vulnerabilities discovered in the latest version of released software. Remediation occurs in next released version of the software.
- Cherwell security champions ensure security coding practices are used across the development life cycle.
- Open Web Application Security Project (OWASP) developer certification.
Cherwell also performs automated vulnerability management and third-party environmental penetration testing of all Cherwell-hosted environments.
Documents explaining our security processes, along with SOC2 and ISO 27001 certification verification, are available on request. Contact your account representative for assistance.