Centage Security Policy
Overview
Helping to protect the confidentiality, integrity, and availability of our customers’ data is a key consideration at Centage, as is maintaining customer trust and confidence. We recognize that information security entails end-to-end efforts, spanning application development, system configurations, hosting services, and personnel security. Here are some of the security features Centage has implemented to help protect customer data.
Organization, People, and Processes
Centage manages the security of its information assets according to a defined Information Security framework. Policies are the foundational elements of all standards, procedures, and security practices implemented at Centage.
Centage requires that all Centage staff:
- Report information security incidents they may become aware of.
- Comply with all relevant policies, including Centage’s Acceptable Use policy, which outlines appropriate and safe use of systems, fundamental security controls to protect from attack vectors, strong passwords, device encryption, multi-factor authentication, and anti-malware protections.
- Undergo background checks as part of candidate screening and, upon starting, sign our Acceptable Use and Employee Proprietary Information agreements.
Centage follows these organizational processes and technical controls designed to support information security:
- Least privilege, role-based user management.
- Change management procedures applicable to system and network configurations, access controls, and application code.
- Structured approaches to identifying, escalating, and responding to security issues, to ensure consistent and effective incident management.
Product Security
- Support for single sign-on (SSO) and multi-factor authentication. Centage also supports custom SSO integrations with SAML 2.0 based identity providers.
- Role-based access controls to limit the data that Centage users can view or edit.
Data Security and Availability
- Transport layer encryption (SSL/TLS) is implemented for all client-server communication. Versions of TLS and SSL prior to TLS 1.2 are not supported. Customer data is encrypted in transit and at rest.
- Centage’s production environment is physically separate from development and test environments, and production data is never replicated to other environments.
- For data redundancy, data in the application database is backed up daily in alternate data centers for disaster recovery purposes. Data restoration procedures are tested annually. Backups are retained for 30 days.
Centage Infrastructure
The Centage platform is designed and operated with security top of mind. Security controls are incorporated into Centage’s development and operating processes, and extended to Centage customers to help support their security requirements and priorities.
Monitoring and Logging
Centage generates audit logs for all customer and employee authentication events, and changes to database contents. A continuously managed Web Application Firewall (WAF) screens for known attack vectors and DDoS attacks.
Centage Hardware Infrastructure
Centage is committed to securing its customers’ data.
- Centage is hosted in the US and Canada on the Amazon Web Services (AWS) infrastructure. All data is stored and processed in the USA, except for Canadian customers whose data is stored and processed in Canada.
- Centage runs a multi-tenant environment. Production tenants are logically separated from each other.
- Centage standardizes utilization of approved providers’ built-in security capabilities.
Threat Management
Centage utilizes third-party security information and event management tools to continuously monitor its environment. Any identified security issues are correlated, aggregated, and risk-rated for prioritized treatment, following a standards-based approach.
Privacy
Centage takes user privacy seriously and has strict policies to keep your personally identifiable information safe. Visit our privacy policy page for more information.
Conclusion
Want to Learn More? If you have any questions about our security measures or technology, please feel free to reach out to us directly at security@centage.com.
Centage is SOC 2 Compliant and the latest report can be downloaded here.