Security Statement

Overview

The scope of this document relates to the Celigo CloudExtend product line as well as the employees under the Celigo CloudExtend brand.

Introduction

We would like to make two things clear. First, we respect your privacy and take significant efforts to protect all your data. Second, we would never do anything with your data that we wouldn’t be proud to tell the world about. We go to considerable lengths to ensure that all data is handled securely – keeping our Apps and your data secure is fundamental to our business.

Infrastructure

All of our services run in the cloud. CloudExtend does not run our own routers, load balancers, DNS servers, or physical servers.
Our services and data are hosted in Amazon Web Services (AWS)
All of our servers are within our own virtual private cloud (VPC) with network access control lists (ACL’s) that prevent unauthorized requests getting to our internal network.

Data Transfer

All data sent to or from CloudExtend is encrypted in transit using 256 bit encryption.

Questionnaire

We’ve included checklists below that answer common security related questions we hear from our customers.

Employee Security

Question	YES NO N/A
Is there a formal and approved information security policy?	Yes
Is there a clearly defined acceptable use policy for computer use, and is it enforced?	Yes
Are there clearly defined hire and termination policies and procedures?	Yes
Are background checks performed as a part of your new hire procedures?	Yes
Are there proper procedures for granting and revoking permissions upon hire and termination based on job duties?	Yes
Is there a security awareness program?	Yes

Secure Storage and Communication

Question	YES NO N/A	Comments
Do you store any customer related information?	YES	We may store user name, company name, address, and email for licensing and billing purposes. We also may store account related metadata information. Additionally we capture usage details via 3rd party applications. Examples would include login attempts, number of records updated, type of record updated.
Do you ensure that all data stored and transferred is encrypted?	Yes
Has a data encryption and storage policy and procedure been defined?	Yes

Physical Security of Data Hosting Location

Data is hosted in Amazon’s Web Services Data Centers. A brief summary is below and detailed physcial security documents are available at: https://aws.amazon.com/compliance/data-center/perimeter-layer/ and https://aws.amazon.com/compliance/data-center/controls/.

Amazon has very strict rules regarding access to the physical premises of their data centers. Only approved employees are authorized to enter and 3rd party access is scrutinized based on the principle of least privilege where request must specify to which layer of the data center the individual needs access, and are time-bound. Entry gates are staffed with security officers, monitors, and cameras. Entry badges for approved visitors requires multi-factor authentication. Physical access to AWS data centers is logged, monitored, and retained. Entrances to server rooms are secured with devices that sound alarms to initiate an incident response if the door is forced or held open. Additionally, electronic intrusion detection systems are installed within the data layer to monitor, detect, and automatically alert appropriate personnel of security incidents. Ingress and egress points to server rooms are secured with devices that require each individual to provide multi-factor authentication before granting entry or exit.

When a storage device has reached the end of its useful life, AWS decommissions media using techniques detailed in NIST 800-88. Media that stored customer data is not removed from AWS control until it has been securely decommissioned.

Network Security

Question	YES NO N/A	Comments
Is the hosting infrastructure protected by a firewall?	Yes	The firewall is enabled in the AWS infrastructure
Is there an IDS or IPS monitoring the network?	Yes	This is enabled in the AWS infrastructure
Are servers on dedicated network segments?	No	Our infrastructure is hosted on Amazon AWS

Server Security

Question	YES NO N/A	Comments
Do servers with customer data enforce a minimum password length of 8 or more characters?	Yes	A minimum of 128 bit security keys are used to access AWS.
Is two-factor authentication (2FA) used?	Yes	For access to AWS security console 2FA is enabled
Is a Host Intrusion Detection System used?	Yes

Desktop Security

Question	YES NO N/A	Comments
Does the organization require a minimum password length of 8 or more characters?	Yes
Is there a password rotation policy?	No	No rotation policy for user desktops/laptops. Rotation policy applies for master password to the cloud Identity and Access Management provider used for accessing all other systems / software. Policy requires that the master password is never stored (saved) by the user
Is two-factor authentication used?	Yes	Access to cloud IdP is protected by 2fA
Does the organization require all desktops to have antivirus software?	Yes
Are all desktop computers part of a domain?	No
Are users allowed to install applications?	Yes
Are users keyboard and monitors recorded?	No
Are users network activity recorded?	No

Monitoring and Contact

Question	YES NO N/A	Comments
Is there a 24/7 contact number for outages?	No	We’ll generally know of outages before customers report them.We have internal processes that monitor our API’s and proactively alert staff on standby. During support hours our phones are live. Outside of support hours customers will be able to leave a message.
Is there a 24/7 contact number for security incidents?	No	We’ll generally know of outages before customers report them.We have internal processes that monitor our API’s and proactively alert staff on standby. During support hours our phones are live. Outside of support hours customers will be able to leave a message.
Are logs and events monitored	Yes
For planned maintenance, can customer be notified?	Yes
For security incidents, can customer be notified?	Yes

GDPR readiness

We’re committed to supporting our customers to prepare for the General Data Protection Regulation (GDPR). We’re working on implementing our readiness program across our organization. This involves:

Conducting a gap analysis
Planning policy and product changes, specifically around data access, management and portability
Reviewing our contract commitments with our customers and vendors

At the same time we’re closely following the developing interpretations and guidelines on key provisions of the GDPR from the EU Article 29 Working Party and are adapting our plans accordingly.

We’ll be ready to share more detailed information regarding our progress soon and anticipate being GDPR ready by the May 25, 2018 deadline.

Compare All Plans

	Free Edition	Personal Edition	Enterprise Edition
	Free	$75/month/User (Billed Annually)	First user $250/month Additional users $50/month (Billed Annually)
Import data into Excel using NetSuite Saved Searches Data can be imported into Excel by using your native NetSuite saved searches
Create, Read, Update, Delete CloudExtend can be used to create new NetSuite records, bring NetSuite records into Excel (read), update (by making changes in Excel and sending back to NetSuite), and delete.
Celigo Import Filter CloudExtend templates support exclusive Data Import Filter to filter data on the fly.
User Generated Re-usable Templates All Celigo CloudExtend Excel licenses allow for end users to create reusable templates to match their workflows.
Cloud Storage for Templates CloudExtend templates are stored in the cloud and available to users wherever they choose to login from.
Support Documentation All CloudExtend licenses include access online documentation
Chat & Email Support CloudExtend paid license includes support on Chat & Email
Onboarding, Consulting, Training Customized training is available for $165 per hour.
Compatibility¹ CloudExtend is compatible with Excel 2016 desktop on both Mac and PC and works online at office.com. CloudExtend Classic Edition is included with Enterprise Edition subscriptions. Templates are not compatible between Classic Edition and Personal / Enterprise Editions.	Excel 2016+ & Office 365	Excel 2016+ & Office 365	Excel 2013+¹ & Office 365
Support for Multiple OneWorld Subsidiaries CloudExtend Personal Edition works with non OneWorld accounts. If a customer with OneWorld wants to use the Personal Edition it is restricted to one subsidiary. The Enterprise Edition will work with multiple subsidiaries.
Works with Sandbox Accounts CloudExtend will work with Sandbox accounts during trial mode for Personal and Enterprise Editions. Post trial only the Enterprise Edition will work with Sandbox accounts. Multiple Sandboxes are supported.
Support for Advanced Bin/Numbered Inventory Management Advanced Bin/Numbered Inventory and serialized inventory are supported via the Classic Edition of the CloudExtend which is available with the Enterprise Edition. Classic Edition works only on a PC and templates are not transferable with the Enterprise Edition.			²
Support for Quantity Based Pricing Quantity based pricing uses a matrix format not yet compatible with the CloudExtend Enterprise Edition. For this reason customers with quantity based pricing enable that want to update item pricing must use the Classic Edition (included with Enterprise Edition). Classic Edition works only on a PC and templates are not transferable with the Enterprise Edition.			²
Enterprise Admin Portal to Manage Licenses and Subscriptions The Admin Portal allows an administrator to add and revoke licenses as well as manage the subscription details.

Enterprise licensees also receive a license for Classic Edition which runs on Excel 2013 or higher on Windows machines only. The Classic Edition will not work on a Mac and templates are not compatible with the Personal Edition.
Classic Edition (included with Enterprise) is required for Advanced Bin/Numbered Inventory Management and to set item prices when quantity based pricing is enabled.

	Free Edition	User Edition	Enterprise Edition
	Free	$9.99/month/User (Billed Annually)	$19.99/month/user (Billed Annually)
Attach email to NetSuite records	Limited to 20 mails per month
Attach calendar events to NetSuite records	Limited to 20 Events per month
Search and attach to NetSuite records directly from Outlook Inbox
Supports NetSuite OneWorld & Non OneWorld Accounts
Support for production accounts
Support for OneWorld Accounts
Create and Edit NetSuite Record from Outlook
View NetSuite Record from Outlook
Upload email file attachments to NetSuite
Email Support
Chat & Phone Support
NetSuite Bundle
Attach OneDrive for Business/Sharepoint online files & Folder to Records
Custom OneDrive Subtab to view related files
Outlook Subtab to see mails attached by cloudextend Outlook
Actionable Events in Email (ex: approve expense reports inline in an email)
Token Based Authentication and SSO
Works on Mobile
Supports Sandbox Accounts
Automatically roll up emails attached to contacts to customers