Class Action Claims Management is SOC1-SSAE 16 Type II certified. The highest priority at CACM is the security and confidentiality of our client's data. To ensure the integrity of our systems, CACM has undergone the rigorous SOC 1-SSAE 16 Type II (formerly SAS 70 Type II) audit process for the past several years.
CACM has adopted the following policies and procedures to safeguard our clients' data.
CACM utilizes only SOC 1-SSAE 16 Type II certified data centers to host its servers and applications. CACM's SOC 1-SSAE 16 audit also included an audit of the data centers that we utilize.
CACM undergoes an annual penetration testing and security audit performed by an independent third party security firm.
CACM designed, implemented and maintains its networks and affiliated systems in accordance with industry-recognized best practices as set forth in ISO 27001. A “defense in depth” strategy has been employed to minimize exposure due to the failure of one safeguard.
CACM severely restricts access to its systems and applies the Principle of Least Privilege so that processes and users are only able to access information and resources necessary to their legitimate purposes.
All access to the CACM data center must be done from our offices by VPN. We do not permit remote access to the servers by employees. We do not utilize outside vendors or consultants to provide our services.
All data transfers to our systems are encrypted and done by SFTP.
CACM has an extensive Financial Information Security Policy Manual which all employees must study and adhere to.
For additional information on CACM's security policies and procedures please feel free to contact us.