CSM Core Platform Security

Cherwell uses industry-standard tools, processes, and testing by third-party vendors to ensure security hardening for CSM.

Cherwell performs application testing on a regular basis, including web application penetration testing..

Verification includes the following release gates:

  • Assessment of all open source components.
  • Released software does not include very high or high known vulnerabilities.
  • Sixty-day remediation deadline for very high and high known vulnerabilities discovered in the latest version of released software. Remediation occurs in next released version of the software.
  • Cherwell security champions ensure security coding practices are used across the development life cycle.
  • Open Web Application Security Project (OWASP) developer certification.

Cherwell also performs automated vulnerability management and third-party environmental penetration testing of all Cherwell-hosted environments.

Documents explaining our security processes, along with SOC2 and ISO 27001 certification verification, are available on request. Contact your account representative for assistance.