System Security and Resilience Notice

Product and Service Security

All product systems are scanned for vulnerabilities at least annually, or in response to any significant changes to our Services, and all vulnerability findings are reported, tagged, and tracked to resolution. Records of findings are retained for a minimum of 5 years. Penetration testing is performed by CRED’s security team and/or an independent third party. Findings from a vulnerability scan and/or penetration test are analyzed in conjunction with the Security Officer, IT and our engineering team.

CRED adheres to a Software Development Lifecycle Policy. This policy defines the process requirements for providing business program managers, business project managers, technical project managers, and other program and project stakeholders guidance to support the approval, planning, and life-cycle development of CRED Investments software systems, to ensure that their processes are repeatable and that they keep Personal Data secure and confidential at every stage of the process.

We thoroughly assess our code for functionality and potential security efficacy at each stage of development and maintenance. All software deployed on Corporate or Hosted infrastructure actively addresses security issues covered by SANS and OWASP. Any modifications to the source code follow established change management procedures. Prior to deployment, our code undergoes both automated and manual testing.

CRED's APIs are built to deliver a reliable and scalable solution for Corporate Clients while maintaining security measures. Every API request requires authentication using the account holder's confidential API key via HTTP Basic Auth. We also extend support for OAuth 2.0, enabling third-party applications to access our service. To protect against malicious traffic, CRED implements a range of rate limiting controls.

Data Encryption

CRED’s Encryption Policy defines organizational requirements for the use of cryptographic controls, as well as the requirements for cryptographic keys, including Virtual Private Network keys and website SSL Certificates, in order to protect the confidentiality, integrity, authenticity, and nonrepudiation of information. This policy applies to all systems, equipment, facilities and information within the scope of CRED’s information security program. All employees, contractors, part-time, and temporary workers, service providers, and those employed by others to perform work on behalf of CRED having to do with cryptographic systems, algorithms, or keying material are subject to this policy and must comply with the policy and its guidelines.

Surveillance and Monitoring

We have established a resilient health monitoring system that incorporates alerts for various operational incidents. These alerts cover a wide range of aspects, including database read/write errors, disk space utilization, free memory, CPU utilization, system scaling policies, service-specific alarms, and HTTP errors. This proactive approach enables us to detect operational incidents at an early stage. To ensure efficient incident response, we have defined, documented, and approved incident response procedures under the oversight of management. In addition, we actively monitor alerts for potential malicious activity by leveraging multiple sources. This comprehensive monitoring approach enables us to gain insights into container activity, track unauthorized file system access, identify suspicious network communications and process executions, and detect anomalous container events.

Under certain circumstances, you have the following rights under data protection laws in relation to your personal data:

  • Access to your information

  • Request correction of your personal data

  • Request deletion of your personal data

  • Object to processing of your personal data

  • Request restriction of processing your personal data

  • Request transfer of your personal data

  • Right to withdraw consent

  • Right to review by an independent authority

If you wish to exercise any of the rights set out above, please contact us at privacy@credinvestments.com. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). 

CRED may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. CRED may also contact you to ask you for further information in relation to your request to speed up our response.

CRED will endeavor to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Business Continuity

CRED maintains a Business Continuity Plan ensuring the continuity of our operations and that all Services and their supporting infrastructure are secured and maintained in the Cloud. The plan covers testing re-deployments and assessing any damage to the environment, as well as assessing and responding to all cybersecurity-related incidents. These duties are executed cross-departmentally between HR, Engineering, the Security Team, and our CEO.

Disaster Recovery

CRED has a disaster recovery plan that outlines roles and responsibilities for key personnel involved in business continuity, our plan to activate and respond to a disaster by detecting, assessing and classifying any damage, our recovery plan to restore temporary operations and recover damage done to the original systems, and the reconstruction to restore system capabilities to normal operations. Exercises are performed at least annually to assess the various teams' readiness and ability to exercise the plan.

Vendor Security

CRED has in place a Vendor Management Program that establishes requirements for ensuring third-party service providers/vendors meet CRED’s requirements for preserving and protecting the data and information of CRED and its Corporate Clients. This program applies to all vendors and partners who have the ability to impact the confidentiality, integrity, and availability of CRED and its Corporate Clients' sensitive Personal Data. This program also applies to all employees and contractors that are responsible for the management and oversight of vendors and partners.

Incident Reporting

If you have any questions about CRED’s security program or you need to escalate a security concern, please contact us at privacy@credinvestments.com. We have a team responsible for security incident response that can assist. To report an identified security vulnerability in our applications, please email us at privacy@credinvestments.com.

At CRED, we are committed to the highest standards of data security and privacy. To affirm our dedication, we are fully SOC 2 and GDPR compliant, having undergone rigorous third-party audits to verify our data handling practices meet all criteria for security, availability, processing integrity, confidentiality, and privacy.

© 2024 CRED. All rights reserved.
