Due Diligence Package
Find information about the steps our company has taken in terms of cybersecurity here.
Learn what are the most frequent questions on this topic here.
See what are the most requested security information to help you understand our security posture here.
Find status updates about significant incidents or scheduled maintenance of our Cloud services as well as a record of past incidents and maintenance.
Customer penetration testing
Many organizations are required to validate that their computing environments meet corporate standards for security. Customers are able to run penetration testing against their environment but need to work with our team to ensure that they are not impacting any other customer. This section provides information on the requirements and how to coordinate the testing.
The person submitting this notification agrees that (1) any penetration testing will comply with the Customer Penetration Test requirements; and (2) they have authority to agree to these terms on behalf of the Customer.
Customer pen test requirements
This document describes the requirements (“Requirements”) for customers (“you”) to perform penetration tests against your Cloud services environments. These Requirements are designed to allow you to evaluate the security of your Cloud environment(s) while preventing harm to other customers or to our company, including associated infrastructure, computing environments and data.
All penetration tests must follow the Requirements. Use of our Cloud services will continue to be subject to the terms of the agreement and terms under which you purchased the relevant service. Any violation of these Requirements or of the relevant service terms may result in suspension or termination of your services and legal action as set forth in your agreement. You are responsible for any damage to our Cloud infrastructure (including networks, machines and data) and to any other customers caused by failure to abide by these Requirements or your services agreement.
- To avoid false security alerts and to prevent interruption of your penetration test, you must fill out a Penetration Test Notification Form at least 24 hours prior to the start of any penetration test.
- You may perform penetration testing only of your subdomain(s) identified on the Penetration Test Notification Form.
- You may not attempt to scan, test or impact any other domain or environment or to access any domain, environment or data that is not yours.
- You may not perform a denial of service attack, fuzzing or other activity designed to interrupt availability of the service or to access or affect the integrity of data on any computing environment.
- You may not attempt phishing or other social engineering attacks or insertion of malware or other malicious code into the service.
- You may not attempt to exploit any vulnerabilities found during testing (e.g., data exfiltration), and activities that could pose risk to our company's infrastructure, data or other customers must be discontinued once a vulnerability is found.
- Cloud Software Group is not responsible for any impact to your computing environment or service levels related to your penetration testing activities.
- Cloud Software Group reserves the right to respond to any actions on its networks that appear to be malicious and to discontinue or require you to discontinue a penetration test at any time.
- If you believe you discovered a potential security flaw, you must report it to our company within 24 hours.
- You may not disclose vulnerability information publicly or to any third party until you hear back from our company that the vulnerability has been fixed.