1. Company Security

We have an advanced security system that considers our security objectives and all interested parties' risks and mitigations. In addition, we employ strict policies and procedures encompassing the security, availability, processing, integrity, and confidentiality of customer data.

2. Employee Background Checks

Each employee is subjected to a background investigation. We use reputable third-party companies to do this check on our behalf. We do this to check their criminal history, previous work records, and educational background if they have any. The employee will not be allocated responsibilities that could endanger users until this check is completed.

3. Security Awareness

After being inducted, each employee signs a confidentiality agreement and an approved usage policy and then receives training in information security, privacy, and compliance. Then, based on their roles, we provide training on specific security issues they may need. We also use tests and quizzes to assess their comprehension and determine which topics require additional instruction.
We continuously educate our staff on information security, privacy, and compliance through our internal community. Our employees check in regularly to stay up to speed on the organization's security standards. We also hold internal events to increase awareness and promote security and privacy innovation.

4. Dedicated Security and Privacy Teams

We have dedicated security and privacy teams that implement and manage our security and privacy programs. They engineer and maintain our defence systems, develop review processes for security, and constantly monitor our networks to detect suspicious activity. In addition, they provide domain-specific consulting services and guidance to our engineering teams.

5. Internal Audit and Compliance

Our security and privacy programmes are implemented and managed by teams committed to security and privacy. They design security review processes, engineer and manage our protection systems, and constantly monitor our networks for suspicious activities. In addition, our technical teams benefit from their domain-specific advising and advice.

6. Endpoint Security

All workstations provided to ClarityTTS staff are equipped with the most recent operating system and anti-virus software. In addition, they're set up to meet our security standards, which call for all workstations to be correctly installed, patched, tracked, and monitored using ClarityTTS's endpoint management software. These workstations are safe by default, as they are set up to encrypt data in transit, use strong passwords, and lock when not in use. To ensure that mobile devices used for business purposes fulfil our security criteria, they are enrolled in the mobile device management system.

7. At Workstation

The Human Resource (HR) staff creates and manages role-specific goals. We use access cards to govern access to our resources (buildings, infrastructure, and facilities), including consumption, entry, and utilization. For example, we issue distinct access cards to employees, contractors, vendors, and guests that only allow entry for their visit to the premises. To detect and address irregularities, we keep access logs.

8. At Data Centers

A colocation provider manages the building, cooling, power, and physical security at our Data Centers while providing the servers and storage. Only a small number of authorized workers have access to the Data Centers. Any other access is logged as a ticket and granted only with the permission of the appropriate managers. To enter the premises, further two-factor authentication and biometric authentication are necessary. Access logs, activity data, and camera footage are all available in an incident.

9. Monitoring

We use CCTV cameras to monitor all access and exit movements throughout our business centers and data centers by local requirements. Backup footage is available for a limited time, depending on the venue's needs.

10. Network Security

Our network security and monitoring methods are built to give numerous layers of defence and protection. Firewalls protect our network from unwelcome traffic and unwanted access. To protect sensitive data, our systems are divided into distinct networks. For example, systems that support testing and development are hosted on a different network than those that support ClarityTTS's production infrastructure.

We keep a close eye on firewall access frequently. Every day, a network engineer evaluates all firewall updates. These adjustments are also examined every three months to update and alter the rules. In addition, our Network Operations Center team keeps an eye on the infrastructure and apps for any anomalies or suspicious activity. Our proprietary technology continuously monitors all critical parameters, and notifications are sent out in the event of any anomalies.

11. Network Redundancy

Our platform's components are all redundant. We adopt a distributed grid architecture to protect our system and services from the effects of possible server failures. Users can carry on as usual if a server goes down because their data and ClarityTTS services will still be available.

We deploy numerous switches, routers, and security gateways to achieve device-level redundancy. Single-point failures in the internal network are avoided as a result of this.

12. Server Hardening

All servers used for development and testing purposes have been hardened (disabling unused ports and accounts, removing default passwords, etc.). Server hardening is embedded into the underlying Operating System (OS) image, installed in the servers to ensure consistency between servers.

13. Single Sign-On (SSO)

Single sign-on (SSO) is a feature offered by ClarityTTS that allows users to access different services using the same sign-in page and login credentials. Only our integrated Identity and Access Management (IAM) service are used to sign in to any ClarityTTS service. We also support SAML for single sign-on, allowing customers to use their company's identity provider, such as LDAP or ADFS, to log into ClarityTTS services.

SSO makes it easier to log in, assures compliance, provides effective access management and monitoring, and decreases the risk of password fatigue, which leads to weak passwords.

14. Administrative Access

We deploy technical access controls and organizational policies to prevent staff from accessing user data at will. To reduce the danger of data disclosure, we use the principles of least privilege and role-based permissions.

A central directory manages access to production environments, and users are authorized using a combination of strong passwords, two-factor authentication, and pass-protected SSH keys. We also make such access easier by creating a separate network with stronger regulations and hardened devices. We also keep track of all operations and audit them regularly.

15. Logging and Monitoring

We track and analyze data gathered from services, internal network traffic, and device and terminal usage. Event logs, audit logs, fault logs, administrator logs, and operator logs are all used to keep track of this information. These logs are automatically watched and examined fairly, allowing us to spot anomalies like strange activity in workers' accounts or efforts to access client data. We store these logs on a secure server segregated from full system access to handle access restrictions and maintain availability.

Customers get access to detailed audit logs for all update and delete operations made by the user in any ClarityTTS service.

16. Vulnerability Management

We have a dedicated vulnerability management strategy that uses a combination of certified third-party scanning technologies and in-house tools, as well as automated and manual penetration testing activities, to scan for security risks actively. In addition, our security staff actively examines inbound vulnerability reports and monitors public mailing lists, blog postings, and wikis for incidents that could compromise the company's infrastructure.

When we find a vulnerability that must be fixed, we log it, prioritize it by severity, and assign it to an owner. We also identify the risks associated with the vulnerability and track it until it is fixed, either by patching the susceptible systems or by implementing appropriate measures.

17. Conclusion

Security of your data is your right and a never-ending mission of ClarityTTS. We will continue to work hard to keep your data secure, like we always have. For any further queries on this topic, look at our FAQs or write to us at onboard@claritytts.com