Trust Center

Security

Sirion, through its Software as a Service (SaaS) Contract Lifecycle Management (CLM) product, helps enterprises around the world to streamline their contracting processes, gain deeper insights into their agreements, and manage risk effectively. Security is embedded into our product design, our operational processes, and our company culture. Our comprehensive, AI-powered Contract Lifecycle Management (CLM) solution is built on a foundation of enterprise-grade security measures, ensuring that our customers can operate confidently in today’s complex digital landscape.

Our Approach to Security

At Sirion, security is a core design principle. We have built a security program that spans people, processes, and technology to protect your data at every level. Our approach is proactive and continuously evolves to counter emerging threats while upholding the highest industry standards.

The Sirion Security Program

Sirion maintains a comprehensive information security management program to ensure the confidentiality, integrity, and availability of customer data. Our security program includes:

• Information Security Policies
• Asset Management
• Application Security
• Cloud Security
• Physical and Environmental Security
• Operations Security
• System Acquisition, Development and Maintenance
• Supplier Relationships
• Information Security Incident Management
• Business Continuity Management

Cloud hosting security

Cloud platforms like AWS, Azure, Oracle, and IBM deliver scalable, reliable, and secure infrastructure. Their rigorous security and compliance standards—aligned with frameworks such as ISO 27001, SOC 2, and SOC 1—are critical for enterprise-grade applications.

Sirion’s CLM platform is deployed on these trusted cloud providers, ensuring that our infrastructure meets global security, privacy, and regulatory requirements. This partnership guarantees high availability, performance, and a robust security experience for our customers.

Network Security

Effective network security involves the segregation of systems, continuous monitoring for intrusions, and proactive measures against distributed attacks, ensuring that the network remains resilient against external threats.

We employ industry-standard practices such as:

• Network Segregation to isolate sensitive systems
• Intrusion Detection and Prevention Systems (IDPS) for continuous monitoring
• DDoS Mitigation to counter volumetric attacks
• Regular Vulnerability Assessments and Penetration Testing
• Web Application Firewalls (WAF) to shield our applications

Data Security

Protecting data both in transit and at rest is fundamental. Encryption, logical segregation, and strict access controls are essential to ensure that sensitive information remains secure.

• Data in Transit: Secured using TLS 1.2 or higher.
• Data at Rest: Encrypted with AES-256 to ensure robust protection.
• Logical Segregation & Access Controls: Ensuring customer data is isolated and accessible only to authorized users, supported by regular backup and recovery tests.

Application Security

Secure software development and continuous monitoring are crucial for protecting applications from vulnerabilities throughout their lifecycle.

We integrate security into our Software Development Lifecycle (SDLC) by:

• Secure software development practices
• Conducting Regular Code Reviews and Automated Security Testing
• Implementing Continuous Monitoring and Real-Time Alerts
• Engaging in Third-Party Security Assessments and Bug Bounty Programs

Operational Security

Day-to-day operations require constant vigilance through monitoring, controlled change management, and rigorous incident response to maintain security and continuity.

• 24×7 Security Monitoring to detect and address anomalies swiftly
• Well-Defined Incident Response Procedures that are regularly tested
• Structured Change Management Processes to ensure all modifications are carefully reviewed and approved
• Comprehensive Logging and Monitoring to maintain audit trails and accountability

Access Control

Effective access control mechanisms ensure that only authorized users can access sensitive information, reducing the risk of data breaches.

• Role-Based Access Control (RBAC) with granular permission settings
• Multi-Factor Authentication (MFA): Enforced for all user accounts
• Single Sign-On (SSO): Integration using SAML 2.0 for seamless yet secure access
• Regular Access Reviews: To enforce the principle of least privilege
• Automatic Session Timeout and Account Lockout Policies

Business Continuity and Disaster Recovery

An effective business continuity and disaster recovery plan minimizes downtime and ensures that operations can resume swiftly after an incident.

• Comprehensive Continuity Plans: Regularly tested to guarantee readiness
• Regular restoration testing of Backups
• Geographically Dispersed Data Centers: For high availability
• Defined RTO and RPO Standards: Aligned with industry best practices to ensure rapid recovery

Third-Party Risk Management

Vendors and partners can introduce additional risk; thus, a rigorous vendor assessment and ongoing monitoring process is vital.

• Robust Vendor Assessment Process: Evaluating third-party security practices
• Regular Security Reviews: To ensure continued compliance
• Contractual Obligations: Mandating that vendors adhere to our security standards
• Continuous Monitoring: To proactively address third-party risks

Employee Security

Employees are the first line of defence. Ensuring that they are vetted, trained, and adhere to strict security protocols is essential.

• Comprehensive Background Checks for all new hires
• Ongoing Security Awareness Training and Phishing Simulations
• Strict Internal Security Policies: Including controlled access to production environments

Continuous Improvement

Security is an ongoing journey. Regular assessments, audits, and technological updates are essential to staying ahead of emerging threats.

We are committed to continuous improvement by:

• Conducting regular Risk Assessments and Security Audits
• Performing Penetration Tests to identify and mitigate vulnerabilities
• Regularly Updating Security Policies and Procedures
• Investing in the latest security technologies and tools to reinforce our defences

For more information about our security practices or to report a security concern, please contact our security team at [email protected]