Information Security White Paper commercetools platform This white paper applies to the commercetools platform running in Europe, the US and APAC
www.commercetools.com Table of Contents
Introduction 3
What is commercetools? 4
Security Culture 4 Information Security Management Information Security Controls Human Resource Security
Physical Security 5 Data Center Offices
commercetools Platform 6 System Overview API Security Payment API Product Security Data in Transit Data at Rest Data Access Restrictions Separation of Production and Non-Production Environments
Operational Security 8 Network Security Vulnerability Management Patch Management Malware Prevention Monitoring Incident Management
Security in Development Process 10
Performance Management 10
Data Backup and Business Continuity Management 10
Supplier Relationships 11
Compliance 11 Data Processing Agreements International Data Transfer Data Protection Officer Information Security Certifications
Conclusion 12 About commercetools
commercetools is the world’s leading platform for next-generation B2C and B2B commerce. To break the market out of being restrained by legacy suites, commercetools invented a headless, API-first, multi-tenant SaaS commerce platform that is cloud-native and uses flexible microservices. Using modern development building blocks in a true cloud platform provided by commercetools, customers can deliver the best commerce experiences across every touchpoint on a large scale.
commercetools has offices across the US, Europe, and Asia Pacific, with headquarters in Germany. Since its founding in 2006, commercetools software has been implemented by Fortune 500 companies across industries, from retail to manufacturing and from telecommunications to fashion.
www.commercetools.com Munich - Berlin - Jena - Amsterdam - London - Durham NC - Singapore - Melbourne
Information Security White Paper commercetools platform 13