Security and Compliance FAQs

This article is a repository of FAQs from our customers about security and compliance. If you have any additional security-related questions, please reach out to [email protected].

  • What secure protocols/algorithms are used to protect data in transport?
    • Data is transported using TLS 1.2 or better.
  • What protocol is used to encrypt backups and to protect data at rest?
    • The standard encryption for data protected in the platform is AES-256. We leverage AWS SSE-KMS, and this AWS doc can be used for reference.
  • What certifications does Clumio have?
    • We have the following certifications, and you can also find a list of them here.
      • SOC 2
      • HIPAA
      • PCI
      • 2022 ISO 27001
      • 2022 ISO 27701
  • Does Clumio allow the use of customer-managed keys to perform backups?
    • We do allow customer-managed keys to perform backups on our platform.
  • How does Clumio protect my data?
    • At Clumio, cybersecurity and the protection of our customers' data are a top priority. We have a SOC 2 / ISO-governed security program, and we make strong efforts to go beyond the controls in the framework to ensure the confidentiality, integrity and availability of all customer data. We closely monitor and ensure compliance with local, national, and international data privacy requirements, so that we are not only delivering a secure service but also protecting the privacy rights of our customers and the customers of our customers.
      Details of our security controls, policies and procedures can be provided under NDA via our SOC 2 and ISO reports. Please contact a Clumio representative if you would like to discuss or review this information.