Adaptive Catalog Security

At Adaptive Catalog, data security and privacy are at the core of everything we do. Our software development and service delivery processes are built upon robust security controls and stringent data protection practices. By delivering services grounded in these principles, we ensure the availability, confidentiality, and integrity of your information at all times.

It is the policy of Adaptive Catalog to promote awareness across our entire organization and throughout our supplier network of the importance of protecting information. This is supported through regular Information Security (IS) training and awareness programs designed to keep security top-of-mind for all personnel.

We remain vigilant to the ever-evolving information security landscape by fostering a culture of continual improvement. This means staying ahead of emerging threats, regularly reviewing our practices, and thoroughly addressing any nonconformities through a robust incident and nonconformance reporting system.

Cloud Services

Adaptive Catalog is primarily hosted in Microsoft Azure, which is a leader in offering reliable, secure, and scalable cloud infrastructure.

Physical Security

Microsoft Azure’s geographically dispersed datacenters comply with key industry standards, such as ISO/IEC 27001:2013 and NIST SP 800-53, for security and reliability. The datacenters are managed, monitored, and administered by Microsoft operations staff. The operations staff has years of experience in delivering the world's largest online services with 24 x 7 continuity.

For more information on Azure’s physical security, see their documentation at https://learn.microsoft.com/en-us/azure/security/fundamentals/physical-security

Access Controls

Role-based access is utilized in all IT systems. Permissions are defined based upon least privilege and segregation of duties. Processes and procedures are in place to govern access provisioning, access termination (voluntary and involuntary), and scheduled reviews of access and permissions.

All users are provisioned with unique account IDs. Password requirements enforce the use of complex passwords, and multifactor authentication (MFA) is required on all accounts where available.

Business Continuity

Azure datacenters are all designed to be highly available, with many redundancies, efficiencies, and scalability. Adaptive Catalog currently utilizes 3 datacenters: East US (Virginia), West US (California), and East Australia (NSW).

In the event of a regional outage in one of the datacenters, Adaptive Catalog will begin the failover process to a paired datacenter. This involves restoring some data from backups and failing over to secondary data sources for other data.

Data Backups

All data is backed up at least every 24 hours. Backups are stored on-site as well as at multiple Microsoft Azure datacenters. All backups are encrypted and stored in access-controlled containers.

Issue Resolution

The SRE team monitors our cloud infrastructure 24/7. In the event of a partial or full outage, all affected customers will be contacted by the Adaptive Catalog team and kept up to date on the resolution status and estimated time of recovery. Root cause analysis will be provided upon request.

Patch Management

Adaptive Catalog works to apply the latest security patches and updates to operating systems, applications, and network infrastructure to mitigate exposure to vulnerabilities. Patch management processes are in place to implement security patch updates as they are released by vendors. Patches are tested prior to being deployed to production.

Secure Software Development

At Adaptive Catalog, we follow a secure software development methodology. Security is implemented throughout the entire software design methodology. Quality assurance is involved at each phase of the lifecycle and security best practices are a mandated aspect of all development activities.

At regular intervals, we perform vulnerability scans, penetration testing, and product security assessments.

Security Training

Employees receive security training upon hire, annually, and on an as-needed basis. Training covers a broad set of subjects including safe computing, acceptable use, security best practices, and role-specific security.

Asset Management

Adaptive Catalog maintains a list of all corporate-owned assets, as well as employee-owned assets with access to Adaptive Catalog data. Policies are in place to ensure all devices with access to any Adaptive Catalog data are secure and remotely monitored.