CSM Security and Data Privacy
The information provided here is supplemental to the Prenger Solutions Group general security statement found here. This document is specific to Catholic Social Media (CSM). This document does not encompass our Terms and Conditions for use of the application. Please refer to Catholic Social Media terms and conditions here.
CSM also complies with Prenger Solution Group’s overarching security policy, found here.
Environments and Development Operations
Locations
CSM services and data currently reside in Amazon Web Service’s (AWS) Oregon, North Virginia and Ohio regions. CSM has a hosted PostgreSQL database, and we use Cognito for user identity management.
Customer data resides in the same database. Access to data and processes from the application are specific to the user’s organization, role, and subscription status. All data is encrypted and backed up nightly.
Lifecycle Management
CSM has separate development, staging, and production environments. Procedural steps are taken at every level to ensure quality and prevent bugs from being released into the active environment. Our platforms utilize role-based access guidelines so that users are limited to the environments with the lowest level of access needed.
We follow standard SDLC process for change management to reduce risk and ensure quality and security in CSM.
Additional Security Measures
In addition to the ‘Well Architected Framework Review’ PSG uses a third-party auditor for penetration testing any time there is a major change to architecture. This ensures that we are maintaining a high level of integrity and limiting risk for all users. For more information visit Ongoing Testing Services.
Data Sources and Usage
CSM is primarily a content management and publishing system. Creative content is developed and stored in S3 buckets protected by AWS’s security features. No sensitive data is collected or stored. In addition, all uploaded content is scanned for malware to prevent the introduction of viruses into the platform.
* Customers may request that we terminate their account and delete their history from the database at any time.
** We may periodically analyze aggregated data across customers to measure customer success in accordance with our role-based access policy. This analytics does not involve any personally identifiable information from our customers.
Other Integrations
CSM integrates with the following platforms who have all been vetted for proper security practices and compliance.
