Information Security White Paper
commercetools platform

This white paper applies to the commercetools platform running in Europe, the US and APAC.

www.commercetools.com

Table of Contents

Introduction

What is commercetools?

Security Culture
  Information Security Management
  Information Security Controls
  Human Resource Security

Physical Security
  Data Center
  Offices

commercetools Platform
  System Overview
  API Security
  Payment API
  Product Security
  Data in Transit
  Data at Rest
  Data Access Restrictions
  Separation of Production and Non-Production Environments

Operational Security
  Network Security
  Vulnerability Management
  Patch Management
  Malware Prevention
  Monitoring
  Incident Management

Security in Development Process

Performance Management

Data Backup and Business Continuity Management

Supplier Relationships

Compliance
  Data Processing Agreements
  International Data Transfer
  Data Protection Officer
  Information Security Certifications

Conclusion

About commercetools

commercetools is the world’s leading platform for next-generation B2C and B2B commerce. To free the market from the constraints of legacy suites, commercetools invented a headless, API-first, multi-tenant SaaS commerce platform that is cloud-native and uses flexible microservices. Using the modern development building blocks that commercetools provides in a true cloud platform, customers can deliver the best commerce experiences across every touchpoint on a large scale.

commercetools has offices across the US, Europe, and Asia Pacific, with headquarters in . Since its founding in 2006, commercetools software has been implemented by Fortune 500 companies across industries, from retail to manufacturing and from telecommunications to fashion.

www.commercetools.com - - Jena - - London - Durham NC - Singapore -
