Security & Compliance
We have thousands of security-sensitive government, health and financial clients around the world.
Designed for security
The ClickSend cloud infrastructure is housed in secure data centers, designed to satisfy the requirements of our most security-sensitive customers. The ClickSend infrastructure has been designed to provide the highest availability while putting strong safeguards in place regarding customer privacy and segregation.
The ClickSend infrastructure is protected by extensive network and security monitoring systems.. In addition, ClickSend infrastructure components are continuously scanned and tested. The ClickSend production network is segregated from the ClickSend corporate network, and access to this network is monitored and reviewed on a daily basis by ClickSend security managers. The ClickSend production network is segregated from the ClickSend corporate network and requires a separate set of credentials for access, consisting of SSH public-key authentication through a bastion host using an MFA token. This access is monitored and reviewed on a daily basis by ClickSend security managers.
ClickSend purpose-builds most of our security tools to tailor them for ClickSend’s unique environment and scale requirements. These security tools are built to provide maximum protection for your data and applications. This means ClickSend security experts spend less time on routine tasks, and are able to focus more on proactive measures that can increase the security of your ClickSend Cloud environment.
ClickSend builds its data centers in multiple geographic regions as well as across multiple Availability Zones within each region to offer maximum resiliency against system outages. ClickSend designs its data centers with significant excess bandwidth connections so that if a major disruption occurs there is sufficient capacity to enable traffic to be load-balanced to the remaining sites, minimizing the impact on you.
To help you meet specific government, industry, and company security standards and regulations, ClickSend provides certification reports that describe how the ClickSend Cloud infrastructure meets the requirements of an extensive list of global security standards, including: ISO 27001, SOC, the PCI Data Security Standard, FedRAMP, the Australian Signals Directorate (ASD) Information Security Manual, and the Singapore Multi-Tier Cloud Security Standard (MTCS SS 584). For more information about the security regulations and standards with which ClickSend complies, see the ClickSend Compliance webpage.
ClickSend provides several security capabilities and services to increase privacy and control network access. These include:
- Built-in firewalls allow us to control network access to our server instances and subnets
- Encryption in transit with TLS
De-identify message body
On request, we can de-identify the body of messages to satisfy your strict security and compliance requirements.
ClickSend offers you capabilities to define, enforce, and manage user access policies across ClickSend services. This includes:
- Identity and access management capabilities to define individual user accounts with permissions across ClickSend resources
- Multi-factor authentication for highly privileged accounts, including options for hardware-based authenticators
- Integration and federation with corporate directories to reduce administrative overhead and improve end-user experience
- ClickSend provides native identity and access management integration across many of its services plus API integration with any of your own applications or services.
Monitoring and logging
ClickSend provides tools and features that enable you to see exactly what’s happening in your ClickSend environment. This includes:
- Deep visibility into API calls, including who, what, who, and from where calls were made
- Log aggregation options, streamlining investigations and compliance reporting
- Alert notifications when specific events occur or thresholds are exceeded
These tools and features give you the visibility you need to spot issues before they impact the business and allow you to improve security posture, and reduce the risk profile, of your environment.
As a company, we don't have any major accreditations, however, our data centre vendor (AWS) is accredited with the following assurance programs/standards:
- PCI DSS Level 1
- SOC 1/ ISAE 3402
- SOC 2
- SOC 3
- IRAP (Australia)
- ISO 9001
- ISO 27001
- MTCS Tier 3 Certification
- Section 508 / VPAT
- FedRAMP (SM)
- DIACAP and FISMA
- FIPS 140-2
- DoD CSM Levels 1-2, 3-5
- IT – Grundschutz
- Cyber Essentials Plus
- Regulation 2016/679 of the European Parliament
Looking for More Documentation?
View other documents on our legal page, or contact our team today.