atlas by clearpeople

ClearPeople Security

ClearPeople prioritise the protection of client data.

ClearPeople is ISO 27001 certified.
The most rigorous global security standard for Information Security Management Systems.

 

ISO-14001-2015-badge-white image (5) ISO-9001-2015-badge-white

1. DATA SAFETY (ATLAS SECURITY)

The business data managed by Atlas is hosted on Microsoft 365, under each client’s tenant. The application itself is installed on each client’s tenant with no components shared across multiple clients.

Atlas leverages all the security and compliance features available in Microsoft 365, such as Identity protection, Conditional access, Information protection, Data Loss Prevention, Data Lifecycle management, Communication compliance, and many more.

For more specific details regarding Microsoft 365 security, please refer to https://docs.microsoft.com/en-us/microsoft-365/security

Application logs and some application auxiliary data is hosted in Azure within the client’s tenant under the exclusive control of each client. Infrastructure details from the application logs are secured in Azure with exclusive access to authorized people at the client’s side, inaccessible by regular Atlas users.

For more specific details regarding Azure security, please refer to https://docs.microsoft.com/en-us/azure/security/fundamentals/overview

The exact features and services used by Atlas are not publicised for security reasons, nevertheless this documentation provides a brief overview of how your data is kept safe. It is also recommended to review our Privacy Policy.

2. DATA CENTRE SECURITY (MICROSOFT 365 AND AZURE SECURITY)

Microsoft maintains an impressive list of reports, certifications, and independent assessments to ensure complete and ongoing state-of-the-art data centre security. They have many years of experience in designing, constructing, and operating large-scale data centres, which makes them an industry reference when it comes to security.

The data centre that stores Atlas's data is selected by each client organisation. Data centres are secured with a variety of physical controls to prevent unauthorised access.

3. DATA LOCATION

Clients can access the locations where their Microsoft 365 data is stored by browsing to the Microsoft 365 admin center and going to:

Settings > “Org settings” > “Organization profile” > “Data location”

Microsoft 365 provides the location where each application stores its data for each tenant. The Azure Active Directory role “Global administrator” is needed to access this information.
Atlas works with Microsoft 365 content, such as Exchange emails; SharePoint pages, files, taxonomies, …; Teams teams, channels, chats, … and more. The location for all that content can be found in the Microsoft 365 admin center as stated earlier.

Atlas application logs and some application auxiliary data is hosted in Azure within the client’s tenant. Each client determines the location where the resource group with all Atlas auxiliary resources are stored. Clients have full control over the location of the Azure resources which can be queried only by authorised users, through the Azure portal.

Atlas includes an optional package which is an integration with tyGraph SaaS analytics solution. TyGraph stores its data in Azure. Its default Azure hosting region is Azure North America, although they offer other Azure regions, such as the EU for GDPR compliance. These are available upon request. tyGraph can optionally be installed within the client’s Microsoft tenant. More details can be found in the “tyGraph Compliance White Paper”.

4. INFRASTRUCTURE SECURITY

Access to the Microsoft 365 infrastructure is managed by Microsoft and the authorised personnel that have administration control. Neither ClearPeople nor the client using the M365 services have any visibility of that infrastructure. The auxiliary Atlas elements, hosted in Azure, are protected with access restricted by each client’s policies. Global administrators at the client’s tenant will determine who has access to that infrastructure.

5. APPLICATION SECURITY

All data to and from Atlas is sent securely over HTTPS. Atlas uses Microsoft 365 encryption for data in transit, which offers several choices for administrators to adjust to company needs. All options are compliant with FIPS 140-2. This is the standard technology for keeping an internet connection secure and prevents anyone from reading and modifying any information. Any data transferred between a user and Atlas/M365 should be impossible to read or modify.

As the application and its data is fully hosted under each organization’s tenant, clients have the ability to adjust security to their specific needs. There is no risk of accidental access from unexpected sources.

All Atlas data is encrypted at rest. At-rest encryption means that all databases, files, and other storage of content have their files encrypted when they're backed up or otherwise sitting idle. If someone was somehow able to get a backup of a database or files, it would be useless, because they wouldn't have the key to decrypt it.

6. OPERATIONAL SECURITY

Atlas leverages Microsoft 365 security and compliance features such as Microsoft Defender for Endpoint, Microsoft Defender for Office 365, Microsoft Defender for Cloud (Azure), Microsoft Purview, Azure Active Directory Identity protection, Conditional Access, Microsoft Compliancy Center and will adopt any relevant new offerings from Microsoft as they become available.

Microsoft 365 is constantly monitored by Microsoft operators and by Artificial Intelligence systems in search of unusual behavioural patterns. System administrators on each tenant have reports in near-real time so they can monitor activity, alerts, incidents or known issues. Microsoft can instantly react in case a potential issue arises.

The auxiliary infrastructure hosted in Azure is monitored by each environment’s administrator as ClearPeople has no access, unless it is temporarily granted by the client on an ad-hoc basis for support purposes.

All changes made on production environments are logged and can be queried with Microsoft 365 Audit logs or Azure Audit logs.

Microsoft constantly monitors security, performance, and availability 24/7/365 on Microsoft 365 products. Discovered security issues are prioritised and resolved with the release of installation packages which are provided to clients’ administrators quickly after discovery.

7. CLOUD SECURITY

Atlas provides maximum security with complete client isolation in a modern, single-tenant cloud architecture. The whole solution is deployed in the client’s tenant providing full control to its administrators.

Atlas leverages the native physical and network security features of the cloud service, and relies on the providers to maintain the infrastructure, services, and physical access policies and procedures.

  • All client environments and data are isolated in their own Microsoft Azure Active Directory tenant.
  • All data is also encrypted in transit and at rest to prevent any unauthorized access and prevent data breaches. The Microsoft 365 platform is continuously monitored by dedicated, highly trained Microsoft experts. Microsoft 365 and Azure compliance and security features can be used by clients to further monitor their infrastructure security.
  • Encryption keys are unique per service and per tenant, which ensures data is well protected.
  • Client's data protection complies with FIPS 140-2 standards to encrypt data in transit and at rest, ensuring client data and sensitive information is always protected.
  • Role-based access controls and the least privileged access principle are implemented to restrict application access and allow tenant administrators to manage security following best practices.

8. COMPLIANCE

ClearPeople is committed to providing secure products and services across the globe. Our ISO 27001 certification provides independent assurance of ClearPeople’s dedication to protecting our clients by regularly assessing and validating the protections and effective security practices ClearPeople has in place.