Security assurance

Due Diligence Package

Find information about the steps our company has taken in terms of cybersecurity here.

Security FAQs

Learn what are the most frequent questions on this topic here.

Security Resources

See what are the most requested security information to help you understand our security posture here.

Cloud status

Find status updates about significant incidents or scheduled maintenance of our Cloud services as well as a record of past incidents and maintenance.



Customer penetration testing

Many organizations are required to validate that their computing environments meet corporate standards for security. Customers are able to run penetration testing against their environment but need to work with our team to ensure that they are not impacting any other customer.  This section provides information on the requirements and how to coordinate the testing.

The person submitting this notification agrees that (1) any penetration testing will comply with the Customer Penetration Test requirements; and (2) they have authority to agree to these terms on behalf of the Customer.

Submit pen test notification

Customer pen test requirements

This document describes the requirements (“Requirements”) for customers (“you”) to perform penetration tests against your Cloud services environments. These Requirements are designed to allow you to evaluate the security of your Cloud environment(s) while preventing harm to other customers or to our company, including associated infrastructure, computing environments and data.

All penetration tests must follow the Requirements. Use of our Cloud services will continue to be subject to the terms of the agreement and terms under which you purchased the relevant service. Any violation of these Requirements or of the relevant service terms may result in suspension or termination of your services and legal action as set forth in your agreement. You are responsible for any damage to our Cloud infrastructure (including networks, machines and data) and to any other customers caused by failure to abide by these Requirements or your services agreement.

Prior notice

  • To avoid false security alerts and to prevent interruption of your penetration test, you must fill out a Penetration Test Notification Form at least 24 hours prior to the start of any penetration test.

General conditions

  • You may perform penetration testing only of your subdomain(s) identified on the Penetration Test Notification Form.
  • You may not attempt to scan, test or impact any other domain or environment or to access any domain, environment or data that is not yours.
  • You may not perform a denial of service attack, fuzzing or other activity designed to interrupt availability of the service or to access or affect the integrity of data on any computing environment.
  • You may not attempt phishing or other social engineering attacks or insertion of malware or other malicious code into the service.
  • You may not attempt to exploit any vulnerabilities found during testing (e.g., data exfiltration), and activities that could pose risk to our company's infrastructure, data or other customers must be discontinued once a vulnerability is found.
  • Cloud Software Group is not responsible for any impact to your computing environment or service levels related to your penetration testing activities.
  • Cloud Software Group reserves the right to respond to any actions on its networks that appear to be malicious and to discontinue or require you to discontinue a penetration test at any time.


  • If you believe you discovered a potential security flaw, you must report it to our company within 24 hours.
  • You may not disclose vulnerability information publicly or to any third party until you hear back from our company that the vulnerability has been fixed.