Governance

  • ISO27001:2022 certification in place.
  • Mature Information Security Management System (ISMS) deployed.
  • Data privacy and protection policies, procedures and templates in place.
  • We are registered with the ICO under the UK Data Protection Act (registration reference ZB684122).
  • EU-U.S. Data Privacy Framework certification in place.
  • An 'AI Use Statement', an Artificial Intelligence (AI) Policy and a range of supplementary AI governance documents deployed.

Data Protection

  • Customer data is stored within Amazon AWS (US-East-1, US-East-2 and US-West-2) and DigitalOcean (London (LON1), New York (NYC1 and NYC3) and Amsterdam (AMS3)) data centres.
  • Data is encrypted at rest and in transit (TLS1.2 or above).
  • Customer data is logically segregated.
  • Automated backup procedures are in place.
  • Data retention controls are in place.
  • Business Continuity / Disaster Recovery plans in place.
  • Web Application Firewall (WAF) and DDoS protection are in place.

Platform Security

  • Single Sign-On (SSO) support.
  • Multi-Factor Authentication (MFA) enforced where Single Sign-On (SSO) is not deployed.
  • Customisable password complexity, password length and idle-timeout settings.
  • Granular Role-Based Access Control (RBAC) access levels.
  • An 'Authentication Logging API' is available to provide user login and failed login data.

Application Security / Vulnerability Management

  • Formalized Software Development Lifecycle (SDLC).
  • Annual third-party CREST-approved penetration testing.
  • Regular Dynamic Application Security Testing (DAST).

People Security

  • All staff receive information security, data privacy and AI training at induction and periodically thereafter (at least annually). Training includes simulated phishing training.
  • Background checks are completed prior to employment. The process differs based on laws, regulations and local practices in different jurisdictions.

Corporate Security

  • Mobile Device Management (MDM) tooling deployed to secure and encrypt endpoints.
  • Endpoint security, behaviour analytics and threat hunting tooling deployed.
  • Data Loss Prevention (DLP) tooling deployed.