We combine enterprise-class secure development and operations to build security into our software and underlying infrastructure.
Application Security
We follow industry standards, such as the OWASP Top 10 and best practices for our technology stack, to build security into our platform during development and testing. In addition, ChannelAdvisor engages with third-party security experts to perform manual web application and network penetration testing on a regular basis. ChannelAdvisor clients are prevented from accessing the data of other clients through a robust application security model, which is reapplied with every request and enforced for the duration of a user session.
Data Protection & Privacy
To assist companies in selling and advertising their products online, ChannelAdvisor may collect personal data on our customers’ behalf. We maintain technical and organizational processes and protections for personal data in compliance with the regulatory regimes under which ChannelAdvisor operates, including the EU’s General Data Protection Regulation and the California Consumer Privacy Act. Personal data is retained only as long as needed to perform our contractual obligations, or for other legitimate business reasons.
Availability
ChannelAdvisor’s continuous delivery approach to application development means we can deliver changes and upgrades to our applications without impact to availability. ChannelAdvisor uses a suite of monitoring tools to monitor the availability of its services and provide real-time alerting to our teams in the event a service becomes unavailable. In addition, we monitor systems for resource utilization to avoid negative impacts on service availability.
Access Control
ChannelAdvisor allows customers to create unique, individual logins and manage the access level for each individual user in their organization. Customers define roles and groups, giving them the ability to enforce role-based access controls to specific modules in our system.
Data Encryption
ChannelAdvisor encrypts all personal data in transit and at rest. ChannelAdvisor uses industry-accepted secure protocols and encrypts data at rest with AES 256-bit encryption.
Security & Privacy Training
All ChannelAdvisor employees receive security and data privacy training on an annual basis.
Vulnerability Management
ChannelAdvisor keeps up to date on any breaking security alerts, software and system patches, and other relevant updates via the CERT/CC industry alert subscription list and repository. ChannelAdvisor also monitors security alerts from vendors and partners. The necessary updates or patches are applied to the system with priority based on the severity of the issue.
Physical Security
ChannelAdvisor’s production servers are located in a data center co-location and in cloud service provider environments. The facilities have relevant industry certifications and provide state-of-the-art network operations centers, advanced security and monitoring systems, sophisticated fire suppression systems and redundant utility transformers, generators, automatic transfer switches, main switch panels, and uninterruptible power supplies.
Perimeter Defense
ChannelAdvisor’s team has installed redundant firewalls and intrusion detection systems to monitor and protect the network perimeter. System servers and firewall log files are continuously scanned and monitored by automatic applications that record performance and availability.
Operating Systems and Subsystems
ChannelAdvisor protects its operating systems by using a minimal number of access points to all production servers and enforcing strong authentication and authorization for access. Operating systems are strengthened by continuous maintenance, including updating patch levels for security, and disabling and removing unnecessary users, protocols, and processes.

Security and Data Privacy Standards
GDPR
ChannelAdvisor has taken all necessary steps and maintained processes and protections for personal data in compliance with the General Data Protection Regulation of the European Union (“GDPR”). For information on how ChannelAdvisor complies with the GDPR, please visit this FAQ page.
CCPA
ChannelAdvisor does not sell personal data and our data handling practices comply with the California Consumer Privacy Act (“CCPA”). For information on how ChannelAdvisor complies with the CCPA, please visit this FAQ.

Reporting a Security Vulnerability
At ChannelAdvisor, we incorporate security into our development processes and strive to keep our platform secure. In line with this, we want to offer a path for reporting vulnerabilities identified in our public websites and products.