Cien Security & Privacy Overview

Background

Cien, Inc. understands the importance its customers place on keeping their data secure at all times. The Cien system and associated processes have been designed to ensure the highest level of protection against unauthorized access and data loss, and to comply with data privacy protection laws in the jurisdictions in which the company operates. The founders of Cien previously created a travel booking system with credit card data that processed transactions in excess of $1B USD. During that process, they received multiple levels of PCI compliance certifications. They have carried over the same best practices to Cien, even though Cien does not store data such as credit cards or personal identification numbers, which are typically targeted by hackers.

Cien incorporates security into its software development lifecycle (SDLC) using automated static code analysis alongside human review to ensure development best practices are implemented. In addition, Cien continually reviews its security infrastructure and processes and actively monitors for suspicious traffic patterns on its servers using proprietary and industry-recognized solutions.

Security Measures

Some examples of Cien’s security measures include:

All system access is through 256-bit SSL secure connections

All data stored on Cien’s servers is encrypted at rest

Cien’s operations team monitors software and application behavior 24x7x365

Enterprise-grade firewalling, routing, intrusion prevention, and behavior analytics capabilities to protect infrastructure and thwart attacks

Dynamic application scans, virus scans, static code analysis, and infrastructure vulnerability scans

Secure backup policies and automated destruction of redundant backups

Partnership with the most trusted cloud hosting providers such as AWS; data center partners are SOC 2 Type II and ISO 27001 certified and provide N+1 redundancy to all power, network, and HVAC services

Stringent password policies with limited access to production environments by staff

Tight network access restrictions to production databases

Data Protection Measures

As a global company, Cien understands the complexity of data privacy rules and has taken steps to be in compliance with the rules for the countries in which Cien operates. Within the European Economic Area (the “EEA”), Cien is considered a Data Processor, not a Data Controller. For more details please refer to Cien’s general Terms of Service: www.cien.ai/tos/.

Access to Customer Systems

The Cien app delivers value by analyzing a customer’s data using Artificial Intelligence to pinpoint ways to improve Sales Productivity. To do that, Cien needs access to the customer’s CRM (Customer Relationship Management) system (e.g. Salesforce.com). This connection is typically made through an API (Application Programming Interface) provided by the CRM vendor. Cien has taken precautions to ensure its code accesses the API in a secure, compliant, and efficient manner so as not to place undue stress on the customer’s CRM system. Customers can control how frequently Cien accesses their system and what type of data gets transferred. This data access is read-only, and Cien recommends its customers grant it only read-only access. If desired, it is possible to share an existing read-write API connection/user.

Questions and Resolutions

As stated above, Cien takes the security of your data extremely seriously. If you have any questions related to Cien’s security policies, please contact security@cien.ai. Please note that the details of certain confidential processes cannot be discussed with unauthorized people. If you have questions related to Data Privacy or Cien’s Terms of Service, please contact legal@cien.ai.