Use this page to understand security risks you may need to plan for, and Silverstripe’s security commitment.

WARNING

This customer guide provides general security guidance intended to assist in the optimal use of our services. Users are responsible for implementing and maintaining their own security measures, and the guidance below does not transfer any responsibility or liability to Silverstripe.

Please note that commercial limitations and service level exclusions apply, as detailed under signed agreements.

For specific security needs and advice tailored to you, we recommend consulting with a qualified security professional.

Silverstripe’s security commitment

Silverstripe’s managed services provide service management, 24/7 monitoring, security assurance, and continuous improvement which aligns with ISO27001:2022 security standards. Our commitments are:

  • ISO27001:2022 controls and standards
  • Secured Infrastructure with ISO compliant and audited security, including managed stability support and 24/7 monitoring
  • Data privacy compliant with local and international data protection regulations
  • Access controls implementing role-based access to ensure protected data and analytics.

Customer security planning guidance

To achieve a high standard of security maturity, customers can add the following security risks to their security plans.

NOTE

For more information on best practices for using and implementing Silverstripe Search, refer to Security Best Practices.

When planning your security around Silverstripe Search, please be aware of some key risks:

Event: You might cause private data to become publicly available when configuring a document’s field as public

Consequences: Your protected data may be unexpectedly disclosed

Silverstripe's commitment:

  • Awareness training/guides to support customers
  • Commercial terms to signal service boundaries
  • Data loss prevention security controls
  • Best effort support for security vulnerabilities in our SDKs

Recommendations:

  • Check implementations using Silverstripe’s SDKs for security assurance
  • Keep Silverstripe CMS and Silverstripe CMS modules up to date
  • Perform frequent reviews of public data configurations
  • Plan additional security controls to protect against data leakage

Event: Your data might be exfiltrated or leaked from Elastic, the Silverstripe Search dependency

Consequences: Your protected data may be leaked

Silverstripe's commitment:

  • Security evaluation of Elastic
  • Frequent security audits of our integrations to Elastic
  • Awareness training/guides for technical support
  • Dedicated security plans and controls for Elastic dependencies

Recommendations:

  • Perform frequent checks for information stored on Silverstripe Search to check that only the correct data is used

Event: An attacker may exploit an entry point to Elastic, the Silverstripe Search dependency

Consequences: Your protected data may be leaked

Silverstripe's commitment:

  • Role-specific training for all staff controlling or distributing access to Elastic tools
  • Frequent security access reviews
  • Configuration controls that govern access to Elastic tools
  • Dedicated security plans and controls for Elastic dependencies

Recommendations:

  • Keep access credentials updated with strong password security standards
  • Do not share accounts or access credentials
  • Perform frequent access reviews of accounts with access to Silverstripe Search

Security risk maturity

We recommend all customers implement security practices and planning:

Further support

Check the FAQ - Frequently asked questions.