CSM Core Platform Security

Cherwell uses industry-standard tools, processes, and testing by third-party vendors to ensure security hardening for CSM.

Cherwell performs application testing on a regular basis, including web application penetration testing..

Verification includes the following release gates:

• Assessment of all open source components.
• Released software does not include very high or high known vulnerabilities.
• Sixty-day remediation deadline for very high and high known vulnerabilities discovered in the latest version of released software. Remediation occurs in next released version of the software.
• Cherwell security champions ensure security coding practices are used across the development life cycle.
• Open Web Application Security Project (OWASP) developer certification.

Cherwell also performs automated vulnerability management and third-party environmental penetration testing of all Cherwell-hosted environments.

Documents explaining our security processes, along with SOC2 and ISO 27001 certification verification, are available on request. Contact your account representative for assistance.