The CLARIFIRE application is delivered to our clients as a Software as a Service (SaaS) solution through
either a secure internet or private network connection for authorized users and systems. The application operates within our
SOC 2 Type II
attested to Clarifire Private Cloud (CPC) secure hosting solution.
By operating under this model and compliance framework, Clarifire is able to provide and manage a secure, compliant, cost effective, innovative, leading workflow solution for our clients.
Cybersecurity is of the upmost importance and a key component of Clarifire's security framework, as individuals, organizations, and nation-states can exploit vulnerabilities with an intent to steal information, disrupt services, destroy data, or threaten the delivery of essential services. Clarifire ensures our cybersecurity controls are up-to-date and tested by maintaining an annual AICPA SOC 2 Type II attestation report for all 5 Trust Service Principles (Security, Availability, Processing Integrity, Confidentiality, and Privacy).
An independent CPA firm is engaged to perform an annual attestation examination and report in accordance with the AICPA Attestation Standard 101 (AT101). In addition to the report, the service auditor assists in the updating of our complementary control mapping matrix, which is completed via the Cloud Security Alliance’s (CSA) Cloud Controls Matrix (CCM), evidencing our ability to comply with controls for other frameworks such as NIST 800-53, FedRAMP, PCI-DSS, HIPAA/HITECH, ISO27001, COBIT 5 and others. As part of our compliance strategy, Clarifire has submitted the required business case seeking prioritization by the Joint Authorizations Board (JAB) for processing of our FedRAMP Provisional Authorization to Operate (P-ATO). Simultaneously, we are actively pursuing a Readiness Assessment Report from our Third Party Audit Organization (3PAO).