Last updated: November 19, 2025
Caseworth, CO ("Caseworth," "we," "us," or "our") is committed to protecting the confidentiality, integrity, and availability of our customers' data and our own information assets. This Security Policy outlines the principles, practices, and controls we employ to maintain a secure environment for our software-as-a-service (SaaS) platform and all associated services (the "Services").
This policy applies to all Caseworth employees, contractors, systems, and processes that handle, store, or transmit customer data or Caseworth's internal information. Our commitment is to implement and maintain a robust security program that aligns with industry best practices and applicable legal and regulatory requirements.
Our security program is built on a foundation of risk management and continuous improvement, encompassing the following key areas:
| Security Area | Key Practices and Controls |
|---|---|
| Organizational Security | Dedicated security team, security awareness training, background checks for personnel. |
| Asset Management | Inventory of all hardware and software assets, data classification, and secure disposal procedures. |
| Access Control | Principle of least privilege, role-based access control (RBAC), strong password policies, multi-factor authentication (MFA). |
| Physical Security | Secure hosting facilities, restricted access to Caseworth offices. |
| Operations Security | Change management, capacity planning, malware protection, logging, and monitoring. |
| Communications Security | Network segmentation, firewall management, secure configuration of network services. |
| System Acquisition, Development, and Maintenance | Secure development lifecycle (SDLC), testing, and vulnerability management. |
| Incident Management | Defined incident response plan, regular testing of the plan, clear communication protocols. |
| Compliance | Regular audits, adherence to legal and regulatory requirements (e.g., GDPR, CCPA, CPA). |
All data handled by Caseworth is classified based on its sensitivity (e.g., Public, Internal, Confidential, Restricted). This classification dictates the minimum security controls required for its handling.
Access to customer data and production systems is granted strictly on a need-to-know basis and in accordance with the principle of least privilege. Access rights are reviewed periodically and revoked immediately upon change of role or termination of employment.
Caseworth utilizes industry-leading cloud providers with certifications such as ISO 27001, SOC 1, and SOC 2. Our infrastructure is logically separated from other tenants and protected by multiple layers of security controls.
We employ continuous monitoring and regular vulnerability scanning of our infrastructure and application code. Identified vulnerabilities are prioritized based on risk and remediated according to defined service level objectives (SLOs).
We maintain a formal Security Incident Response Plan (SIRP) to address potential security breaches. The plan includes procedures for detection, containment, eradication, recovery, and post-incident analysis. Customers will be notified of security incidents affecting their data as required by law and contract.
Customer data is backed up regularly and stored securely. We maintain a comprehensive Disaster Recovery (DR) plan to ensure the continuity of the Services in the event of a major disruption, with defined Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs).
Caseworth engages independent third parties to conduct regular security assessments, including:
While Caseworth is responsible for the security of the platform, customers are responsible for:
For security-related inquiries, to report a vulnerability, or to request a copy of our latest security report (subject to NDA), please contact:
Email: security@caseworth.io