responsive image

CLARIFIRE® SaaS Technology



SAAS TECHNOLOGY

The CLARIFIRE application is delivered to our clients as a Software as a Service (SaaS) solution through either a secure internet or private network connection for authorized users and systems. The application operates within our SOC 2 Type II attested to Clarifire Private Cloud (CPC) secure hosting solution.

By operating under this model and compliance framework, Clarifire is able to provide and manage a secure, compliant, cost effective, innovative, leading workflow solution for our clients.

Clarifire maintains an annual AICPA SOC 2 Type II attestation report for all 5 Trust Service Principles (Security, Availability, Processing Integrity, Confidentiality, and Privacy). An independent CPA firm is engaged to perform an annual attestation examination and report in accordance with the AICPA Attestation Standard 101 (AT101). In addition to the report, the service auditor assists in the updating of our complementary control mapping matrix, which is completed via the Cloud Security Alliance’s (CSA) Cloud Controls Matrix (CCM), evidencing our ability to comply with controls for other frameworks such as NIST 800-53, FedRAMP, PCI-DSS, HIPAA/HITECH, ISO27001, COBIT 5 and others.

As part of our compliance strategy, Clarifire has submitted the required business case seeking prioritization by the Joint Authorizations Board (JAB) for processing of our FedRAMP Provisional Authorization to Operate (P-ATO).

Learn more about Clarifire's SaaS Offering as it pertains to Security, Compliance and Technology

  • Click here for a definition of Software as a Service (SaaS).
  • Click here to see what Clarifire provides for the clients!
  • Click here for a complete description of AICPA Service Organization Controls (SOC).
  • Click document link below to request copy of our most recent Clarifire Private Cloud Hosting Solution document, SOC 2 Type II Report and Cloud Security Alliance Cloud Controls Matrix (Clarifire Mappings) document.



SOCLogo

Clarifire Provides

  • Core code development, source code management, software deployments, quality assurance testing, ongoing application support, and training.
  • Customized code development as required, where Clarifire staff work with the client to develop the user stories for any customization required. Clarifire then builds, tests, deploys, and supports the releases.
  • Implementation, operations, and support of all of the Clarifire technology data centers, hardware, software and services necessary to operate the CLARIFIRE application on a 24/7 basis.
  • Standard or customized integration and interface support with various third party or client systems via real-time transactional web services/messaging or batch file interfaces.
  • The day to day operation of the application instance in accordance with contractually agreed to SLAs for:
    • Application response times
    • System availability
    • Batch Processing
    • Back-ups and recovery
    • Disaster recovery RTO and RPO
  • The maintenance and support for all security and compliance controls in accordance with the defined, adopted and attested frameworks. Clarifire maintains a SOC 2 Type II annual documented CPA attestation report for all 5 Trust Service Principles (Security, Availability, Processing Integrity, Confidentiality, and Privacy). A complementary control mapping matrix is completed via the Cloud Security Alliance’s (CSA) Cloud Controls Matrix (CCM) evidencing our ability to comply with controls for other frameworks such as NIST 800-53, FedRAMP, PCI-DSS, HIPAA/HITECH, ISO27001, COBIT 5 and others.
  • All of the required hosting hardware including servers, network switches, network routers, firewalls, DNS servers, domain controllers, file servers, load-balancers (Traffic Managers), web application firewalls, Intrusion Detection and Intrusion Prevention devices, storage area networks (SANs), proxy servers, secure managed file transmission system, and various security related appliances.
  • Any required third party software licensing (Microsoft, VMware, Dell, Cisco, F5, etc.)
  • Any utilitarian support services including Secure File Transmissions, security monitoring and reporting, Internet access into the Clarifire data centers, DNS, etc.
  • Security and software patches as required by vendors.
  • Capacity planning and reporting.
  • Adherence to rigid change and problem management process.
  • 24/7/365 staffed Systems Management Center providing proactive monitoring and support for the CLARIFIRE application and related services as well as client contact point for any problem or issue.