Liquidware Security Policies and Procedures
This page provides current information about Liquidware's security status as well as links to relevant information. (August 2023)
Physical Security and Environmental Controls
Liquidware is headquartered in Palatine Illinois, and operates local offices in Alpharetta Georgia, Switzerland, Australia, and the Netherlands. The company utilizes a flexible remote work model that leverages both our collaborative office locations and the ability to take advantage of top talent. A global team allows us to utilize a 24/7, 365-day approach to continual improvement of our security practices, aligning them with most effective, best-practice, proven security approaches. Our security practices extend across our users, operations, and product development functions.
We have multiple backup systems and policies in place to continue operation fully regardless of the loss of any given physical location.
Liquidware leverages an integrated Security Stack including identity and access management, threat protection, information protection, and security management. We leverage Conditional Access to limit the countries/regions that can access our systems and resources. User access to files and systems, are consistently monitored to validate normal operation. Our systems are designed to alert us instantly to any suspicious or abnormal access or behavior of users. We use Identity Management to track access of all accounts and to validate that behavior and access line up with the appropriate granted permissions.
Liquidware completes a full external Penetration Test yearly to validate the healthy security posture of our current technologies and processes. We manage, communicate and track all of our internal IT ticket issues, creating a reliable, auditable service and request system. Additionally, we use multiple products to track any file/user issues that are outside normal operation. These issues are analyzed to determine their severity. This data then enters and updates our reporting systems and continues to establish triggers and alerts for different security events. This security log is continually monitored, and push notifications are sent to the Information Technology team, notifying them of critical or high alert security events.
Liquidware keeps a current log of all major system changes and updates to Liquidware infrastructure and software. The approver and implementer roles and identity are tracked along with the results of the update or system change. This information can be found in our Change Control document located in our Compliance site.
All Liquidware employees must complete yearly security training classes along with additional security classes to be completed if any security tests are failed. All Liquidware employees have a background check completed on them before they are accepted for employment at the company. Liquidware has all employees sign NDA, Non-Competes, and agree to all company policies before they begin working at Liquidware. We also provide whistleblower protection and reporting with a whistleblower email: email@example.com that is directed to the Liquidware Compliance Team.
Data Backup and Recovery
Liquidware has a dedicated data backup and recovery procedure that is evaluated yearly to validate that operation and recovery times meet best-practice SLAs.
Risk Management Responsibilities
Liquidware continuously manages and reviews the risks associated with the company’s operations. A report is generated and submitted yearly, which provides an overview of our adaptations to current risks and potential future challenges. We review the suggested remediation steps, complete the outlined tasks, and log them in our Change Control Logs and our ticketing system. We also complete yearly security tabletop exercises to validate our procedures and safeguards. Comprehensive notes of the results of the exercises are recorded and reviewed in postmortem activities. This information is utilized to optimize security systems and procedures on an ongoing basis.
Risk Management Program Activities
Liquidware monitors internal risks along with external risks. We continually review, scan, and update our systems related to any new security releases related to a CVE from any of the vendors of products that are used by the company. We monitor user access depending on location and sign in times and restrict access based on unusual behavior or timing. Our Security team has processes in place to constantly and proactively scan for potential malicious acts, which are then analyzed to determine appropriate preventative measures to be implemented.