Information Security

Keeping your information safe and secure

Download pdf

Safeguarding Your Data Empowering Your Operations

As a provider to Fortune 500 companies, governments, allied forces, and international organizations, we are committed to ensuring the confidentiality integrity and availability of our customers’ data. To safeguard your data and meet your zero trust requirements, we uphold strict information security standards and follow industry best practices as part of a robust approach to data security and hosting.

Cloud Hosting Security

We utilize modern cloud hosting services or data centre technology with high-availability and strict security to ensure robust and reliable access to your data, 24/7.

Identity & Access Management

Our IAM processes ensure only authenticated and authorized users can access data in the application while delivering nonrepudiation for application and system actions.

Development and Application Security

4C implements robust security practices across its development process and vulnerability management to ensure our software remains secure and resilient against evolving threats.

Organizational Information Security

People have a key role to play in upholding security; therefore we have comprehensive processes in place to ensure security is not compromised.

Privacy

  • Personal Data in the Software
    Personal Data or Personal Identifiable Information (“Personal Data”), such as names, email addresses, and login credentials, is processed in the software to facilitate the setup and management of customer user accounts. The data required in the software is limited to what is strictly necessary to provide a secure and functional user experience. The software does not request any additional data beyond what is essential for its core functionality. The customer is responsible for identifying, determining the lawful processing of, and ensuring the secure handling of any Personal Data necessary for their use of the software. If the GDPR applies, the customer is considered the data controller and is therefore responsible for the data controller obligations according to the GDPR.
  • Information Security
    Our comprehensive security measures are outlined above, highlighting how we safeguard your data. For information on access control see the sections above.
  • Data Residency
    For hosted solutions, the software is either hosted by 4C’s internal servers, or by a third-party hosting provider such as Microsoft Azure. For our European customers, all customer data is stored within EU/EEA. For our Australian or US customers, all customer data is stored in data centers located in Australia or the US.
  • Third-party Processing
    4C continuously reviews its third-party suppliers to ensure that appropriate security measures are in place to safeguard Customer Data, including Personal Data, and maintain compliance with relevant regulations. Apart from the hosting provider, Microsoft Azure, 4C’s sub-processors are exclusively 4C group companies. To ensure high availability and the best customer service possible, 4C’s support team operates within 4C’s group companies across different jurisdiction and time zones. The support team may access the software, including Personal Data processed therein, to provide remote support. However, all data remains stored in the relevant hosting location. The 4C support team only accesses Customer Data, including Personal Data, to provide support. In accordance with GDPR, 4C has intercompany agreements in place between our group companies, including standard contractual clauses. 4C has further conducted transfer impact assessments regarding potential third country transfers.
  • Incident Response and Reporting
    4C has established robust internal guidelines and processes for addressing potential cyber incidents that may impact Personal Data. In the event of such an incident, 4C will notify affected customers as per the notification time frame set out in the contract or without undue delay, but not later than 72 hours after becoming aware of the incident.
  • Request for Personal Data
    In the event that 4C receives a legal request for Personal Data or an inquiry from an individual regarding their Personal Data, 4C will, unless prohibited by law, promptly inform the Customer. 4C will disclose data solely as mandated by legal requirements.

Compliance, Certifications and Accreditations

We follow guidelines and best practices in accordance with the 27001 standard for information security management system. In that respect, we have implemented comprehensive security measures, best practices and processes to protect sensitive data, mitigate cybersecurity risks, and ensure the confidentiality, integrity and availability of information.

Sign up for a Resilience Health Check

Get in touch

Book a demo or receive information regarding our solutions

Contact us

Thank you!

Your submission was successful.