.png)
Our application is hosted on Microsoft's Azure cloud platform with data centers located in North Europe, East US, East US (GCC), Canada East, Australia East, and UK South.
We ensure logical partitioning of customer tenants to maintain data separation and security.
To guarantee continuous monitoring and security, our platform is observed around the clock using a combination of Microsoft Sentinel, Azure Monitoring, Azure Application Insights, Zabbix, Graphana, and Sysdig. For real-time updates on our system's status, please visit our public status dashboard at https://status.coreview.com.
We ensure that all data is encrypted both in transit and at rest using AES-256 encryption.
Only metadata is collected through the Microsoft Graph API using service accounts with the Global Reader role. These accounts are secured using Conditional Access policies that restrict access to specific IP addresses.
For US Government customers, data is securely hosted within the Microsoft Azure Government Community Cloud (GCC).
Our application is hosted in Azure, leveraging Microsoft's physical data center controls.
Privileged access by CoreView personnel is strictly based on job necessity and is facilitated through a set of security facilities combined with jumpboxes, which have exclusive access to specific IP addresses.
All activities are logged in a SIEM platform, and video recordings of sessions are retained for 10 years.
Operators use Single Sign-On (SSO) with Microsoft accounts, ensuring that no credentials are stored in CoreView.
Multifactor authentication is enforced for added security.
In advanced management mode, service account details are securely stored in Azure Key Vault.
We conduct ongoing and continuous monitoring of virtual machines, networks, and services using Microsoft Defender for Cloud.
Static code analysis is integrated into our Continuous Integration process. Code quality is maintained through a rigorous Pull Request process, which is reviewed by a dedicated team of Senior Software Engineers.
We check software package vulnerabilities using Trivy.
All staff are required to complete annual security and compliance training. Background checks are conducted during the hiring process.
End-user computers are protected with tools such as Microsoft Intune, DLP, Microsoft Defender, and firewalls. We conduct constant simulations of phishing, social engineering, and other cybersecurity threats to maintain a high level of security awareness.
Only a specific set of employees, who have signed a specific agreement with CoreView, are authorized to access data centers directly in case of incidents.
We have a documented Business Continuity Plan that is tested every 12 months. Disaster Recovery and Backup/Restore procedures are regularly updated and tested as part of our Industry Standards Certification process.
Automated patching is managed through Azure Update Manager, ensuring no impact on live services. We maintain a Service Level Agreement (SLA) of 99.9%.
We use Microsoft Web Application Firewall for continuous attack protection. Regular penetration testing is conducted by a third-party security company at least once a year.
Keys and passwords are rotated constantly to enhance security.