Website security and compliance solutions
The most secure digital experience platform available
Designed from the ground up to meet your security needs
Whether you’re in a highly regulated industry or simply looking for peace-of-mind security, Crownpeak has you covered. The Crownpeak DXP meets the highest industry standards for security and regulatory compliance. Your organization will benefit from industry-leading security and data protection of Amazon Web Services (AWS) – but we don’t stop there. You're further protected through layers of independent certifications and audits, along with the inherent security benefits of our decoupled architecture. This combination delivers the strongest security possible for your organization.
First-class security with Amazon Web Services
The Crownpeak hybrid-headless CMS is built on AWS. That means you benefit from the robust security and compliance protections provided by AWS.
Crownpeak is a member of the Amazon Partner Network (APN) and has achieved the Digital Customer Experience Competency. To receive this designation, APN Partners must possess deep AWS expertise and deliver solutions seamlessly on AWS.
“Everyone knows that Amazon has built their reputation on their security and data protection practices, so when we learned that Crownpeak’s platform was hosted with Amazon, we knew our customers would feel at ease.”
Our commitment
We support our deep commitment to protecting customers with an extensive program of operational controls and information security practices. Crownpeak participates in a set of industry-leading independent audits, assessments, and certifications to ensure we continually exceed customers’ security needs, including the list below.
Independent audits and certifications
AICPA SOC 2® Type 2 is an internal controls audit and report outlining how a company safeguards its customers' data and how effective its controls are. It is often used by companies evaluating cloud service providers to assess risk. The SOC 2 report provides detailed information and assurance about the controls in place relevant to security, availability, processing integrity, confidentiality, and privacy.
ISAE (International Standard on Assurance Engagements) 3000 refers to the standards used during the SOC (system and organizational controls) 2 audit and report. Using the international standards ensures the SOC report can be used by organizations globally.
In order to demonstrate an adequate level of protection for cross-border data transfers under GDPR, Crownpeak maintains EU-US and Swiss-US Privacy Shield certifications.
The Better Business Bureau provides exceptional expertise in data privacy regulations and is the most trusted name in consumer dispute resolution.
ISO 27001 is an international standard for information security management. The certification attests that the management framework Crownpeak adheres to for implementing an ISMS (information security management system), which ensures the confidentiality, integrity, and availability of all corporate data, is in place and operating per the ISO 27001 required standard.
Security advantages of hybrid-headless CMS architecture
The Crownpeak Digital Experience Platform has a decoupled content deployment architecture, which means that content management is separated from content delivery. This greatly reduces the public exposure of the platform and resulting security risks. For example, administrative functions and non-live content (e.g., Stage, Dev, Draft, etc.) are not exposed publicly. With other solutions, the software that renders the live website also typically manages all content – even pre-production – increasing exposure and vulnerability. With Crownpeak, public-facing digital experiences can be built in a lightweight, security-focused manner, totally disconnected from the content repository, rather than having to expose an entire CMS application.
Vulnerability and penetration testing
In addition to regular external/third-party security checks, we allow any customer to run vulnerability and penetration tests against the Crownpeak platform at any time. Our SaaS architecture and regular release process mean that all customers automatically benefit from the resulting security patches.