CafeX security datasheet

If you have questions for the CafeX security team, or need to contact them regarding security alerts and events, please send an email to: compliance@cafex.com.

Data Center and Network Security: CafeX prioritizes the security and integrity of its data by utilizing Amazon Web Services (AWS) data centers, which adhere to globally recognized security standards and compliance certifications. The physical security of these data centers is robust, with constant monitoring and strict access controls. CafeX also leverages AWS's infrastructure for data resilience and maintains backups to support system failovers. For further information, please visit the CafeX Trust Center.

Network Security: CafeX has a dedicated, globally dispersed security team that responds to any security alerts or occurrences. The CafeX network is protected by a suite of AWS security services, routine audits, and network intelligence technologies. CafeX also employs strict testing procedures and telemetry to monitor the production environment. CafeX's ISO 27001 management system provides policies and procedures for risk treatment and business continuity. CafeX also conducts regular vulnerability scanning and engages third-party penetration testing experts. For further information, please visit the CafeX Trust Center. 

Personnel Security: CafeX prioritizes the security competence of its workforce. We conduct thorough background checks on all employees and contractors, and access to systems is granted on a strict need-to-know basis (RBAC), subject to frequent audits and monitoring. To ensure ongoing awareness and vigilance, we provide mandatory security awareness training to all staff, which is refreshed annually. Additionally, we conduct frequent phishing training sessions and provide weekly updates on the latest phishing techniques. This comprehensive training program is designed to foster a security-conscious culture and equip our staff with the knowledge and skills to identify and mitigate potential threats, thereby safeguarding sensitive information. For further information, please visit the CafeX Trust Center. 

Encryption: CafeX ensures the security of data both in transit and at rest. Communications between users and CafeX servers are encrypted using industry best-practices protocols, and customer data is securely encrypted at rest on AWS using strong encryption. CafeX employs a multi-layered approach to safeguard sensitive data, including runtime field-level encryption, dual key management, tenant-specific keys, and segregated audit data. For further information, please visit the CafeX Trust Center. 

Availability and Continuity: CafeX maintains a publicly available system status page (https://status.cafex.com) that includes system availability details, scheduled maintenance notices, service incident history, and any ongoing security incident details. CafeX employs service clustering and network infrastructure redundancies to eliminate single points of failure. We also leverage AWS's Availability Zone redundancy and snapshot/rollback features for enhanced resilience. Additionally, CafeX follows strict snapshot/backup policies and procedures combined with Disaster Recovery services.  For further information, please visit the CafeX Trust Center. 

Application Security:CafeX takes steps to ensure the safety of its customers; data by ensuring secure development practices and focused testing around known security threats. All engineers participate regularly in development-focused training on secure coding strategies. The CafeX Quality Assurance (QA) department reviews and tests the CafeX codebase to ensure its quality, stability, and integrity. CafeX also has dedicated security engineers to identify, test, and triage any security vulnerabilities present in the code. 

Application vulnerabilities are addressed at multiple levels:

• Dynamic vulnerability scanning: CafeX uses qualified third-party tooling to continuously dynamically scan the CafeX core applications against security risks.
• Static code analysis: The source code repositories of CafeX are scanned for security issues using CafeX’s integrated static analysis tooling.
• System integrity: Any threats, such as library vulnerabilities, vulnerability reports, threat reports are reviewed immediately for appropriate corrective priority and action plan. 

For further information, please visit the CafeX Trust Center. 

Product Security Features: CafeX makes it seamless for customers to manage access and sharing policies with authentication and single-sign-on (SSO) options, which also allows them to enforce their own Multi-Factor Authentication (MFA) policies. All communications with CafeX servers are encrypted using industry-standard protocols. CafeX adheres to strict secure credential storage best practices. Customers can bring their own storage, and CafeX only stores metadata associated with that data. Access control and security of the customer's data remain under the governance of their chosen storage provider. CafeX employs unique encryption keys for each tenant to ensure data isolation and prevent unauthorized access or modification. For further information, please visit the CafeX Trust Center.

Compliance Certification and Memberships: CafeX implements security best practices to meet industry-based compliance and the most stringent requirements. CafeX holds certifications such as ISO 27001 and complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF). CafeX also undergoes PCI-DSS compliance and executes a Business Associate Agreement (BAA) with HIPAA-covered entities. 

Furthermore, CafeX is registered with the UK Information Commissioner's Office (ICO) , demonstrating our commitment to upholding the UK's data protection laws, including the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

For a comprehensive overview of CafeX's security posture and to access downloadable items such as the ISO 27001:2022 certificate, Pen-test attestation etc please visit the CafeX Trust Center.