CIS Software Security & Data Protection

CIS software cybersecurity system showing secure data protection and system integrity

CIS Software is designed to provide a secure, reliable environment for managing quality, compliance, and operational data. Our security approach combines hardened cloud infrastructure, layered server protection, controlled application access, and secure backup and recovery processes.

Secure Cloud Infrastructure

CIS Software is hosted on secure infrastructure provided by Liquid Web in the United States. Liquid Web combines advanced security technologies with 24/7 monitoring and incident response capabilities to help protect hosted systems and services.

Our hosting environment is supported by infrastructure and services aligned with recognized security and compliance frameworks, including NIST 800-53, SOC 2, PCI-DSS, and ISO 27001.

Additional security and compliance information is available through Liquid Web’s published Privacy Policy, Security Overview, and Compliance documentation.

Many customers ask about NIST 800-171. This standard is focused on protecting the confidentiality of Controlled Unclassified Information (CUI). In practice, security responsibilities are shared. CIS and its hosting providers are responsible for protecting the infrastructure and application environment, while each customer is responsible for managing the data they enter, user permissions, and internal information handling practices within their organization.

Advanced Server Protection

Our server environment includes multiple layers of protection designed to reduce risk and improve resilience.

These protections include intrusion detection and security monitoring, file-level malware protection, hardened server configuration, and firewall protection at both the operating system and network levels.

Our server includes intrusion detection capabilities to support real-time monitoring of critical systems, identification of suspicious behaviour, and rapid investigation when anomalies are detected.

We also use file-level security protection to monitor launched, opened, and modified files. Where a threat is detected, files can be disinfected, quarantined, or removed to help maintain system integrity.

In addition, the server is protected by firewall systems and hardened configurations designed to optimize the operating environment using security best practices.

Backup, Recovery & Redundancy

To support data protection and business continuity, CIS uses multiple backup and recovery safeguards.

These include server backups, RAID-based drive redundancy, and encrypted off-server backups.

Key backup and recovery features include off-server backup storage, encrypted backups, fast recovery capability, minimal impact on server resources, and efficient backup windows.

CIS Application Security

In addition to cloud and server protections, CIS Software includes application-level security controls designed to help customers manage access and maintain system integrity.

CIS is designed to limit information system access to authorized users, approved processes acting on behalf of those users, and permitted devices. Access to transactions and functions is controlled based on user roles and permissions.

The system supports user identification and authentication before access is granted. Connections to external systems can be verified and controlled, and publicly accessible components can be logically separated from internal systems where required.

CIS also supports the identification, reporting, and correction of system issues in a timely manner, along with ongoing protection from malicious code through the security mechanisms in place at the server and application environment levels.

Because CIS is intended for controlled internal use within organizations, it does not rely on open external file ingestion workflows. This reduces exposure to file-based threats from uncontrolled outside sources.

Access Control & System Use

CIS is built to help organizations control who can access the system, what they can see, and what actions they are permitted to perform.

This includes restricting access to authorized users, limiting available functions by role, identifying users at login, and verifying credentials before system access is allowed.

User login information, including last login date, is maintained to support administrative oversight and account management.

Supporting Documentation

For organizations that require additional verification, supporting third-party security and compliance documentation is available through Liquid Web’s published resources.

Detailed customer-specific security discussions can also be addressed during the CIS review and qualification process.

New in 2022 – Locked Tight!

CIS Software continues to evolve with security and system integrity in mind, helping organizations operate with confidence in a protected cloud-based environment.

New in 2022 – Locked Tight!

Supporting Security & Compliance Information

For organizations requiring additional verification, the following third-party resources provide further details on infrastructure security, privacy, and compliance:

Detailed security documentation and customer-specific discussions can also be provided during the CIS review and qualification process.