One of the main objectives of the Code is to help ensure disclosure of essential information so that consumers of Cloud Services can make better business decisions based on this information. The information on this page addresses the public disclosure requirements of the Code.
Webroot Services Limited is a privately held company backed by some of the security software industry’s leading venture capital firms, including Technology Crossover Ventures, Accel Partners and Mayfield and is a wholly owned subsidiary of Webroot Inc.
The Board of Directors includes Dick Williams, President and CEO; Stan McKee Member and Audit Committee Chair, Quentin P. Gallivan; Theresia Gouw; Jake Reynolds and Robin Vasan. The Webroot Inc. Senior Executive Management Team consists of Dick Williams, CEO; Jeff Santelices, VP of Worldwide Demand Fulfilment; John Post, CFO; Mike Malloy, Executive VP of Products and Strategy; Kenton Sieckman, Chief Excellence Officer and David Duncan, CMO.
Webroot Services Limited was formed in November 2002 as a limited company and is registered in England as company number 4597759.
The Cloud Industry Forum Code of Practice applies to all of Webroot’s cloud-based security solutions offered through Webroot Services Limited.
Our cloud-based security solutions include:
All of our SaaS cloud services are suitable for all public and private vertical business sectors. For datacenter resilience, and to accommodate roaming and mobile user performance, we operate a global infrastructure based in the UK, USA, Ireland, Australia, and Singapore. Local sales and support from Webroot Services Limited is available in both the UK and Ireland.
Webroot are not members of the Cloud Security Alliance and have not participated or completed the Consensus Assessments Initiative Questionnaire. Details of our Security arrangements are however available on request, under NDA.
Webroot Services Limited has completed the Self-Certification against the ‘Code of Practice for Cloud Service Providers’ (the ‘Code’) of the Cloud Industry Forum (‘CIF’, at www.cloudindustryforum.org), which the mark above demonstrates. Clicking on the mark will take you to the CIF website where supporting information for this Certification is available.
Webroot Services Limited is committed to the Code. One of the main objectives of the Code is to help ensure disclosure of essential information so that consumers of Cloud Services can make better business decisions based on this information. The information on this page addresses the public disclosure requirements of the Code.
NOTICE: While Webroot Services Limited has made the commitment to the Code and has been self-certified as compliant with the Code, customers/third parties shall note that information or certification provided by the Cloud Industry Forum does not constitute advice from or endorsement by the Cloud Industry Forum. The Cloud Industry Forum disclaims any and all liability arising out of the use of services or otherwise of certified organizations. Where disclosed information or capabilities as specified by the Code of Practice are essential in purchasing cloud services from a certified organization, it/these should be cited contractually. Professional advice appropriate to specific circumstances should always be obtained.
Webroot accepts direct responsibility for all aspects of its SaaS cloud services provision, including those of our third parties, under the standard terms and conditions laid out within our Customer contracts.
We provide Customers’ with guaranteed SLA’s around the availability and resilience of our services that as a minimum guarantee 99.99% uptime. And, to avoid service or technical failures in our supply chain, Webroot operates our ‘cloud’ based services through different hosting providers. Architecturally, we operate Primary, Secondary and Tertiary processing in different locations to ensure no single points of failure and the continuous high availability of our SaaS services.
Webroot’s suppliers do not have a direct or indirect responsibility to Webroot’s Customers apart from under the terms laid out under our Master Services Agreement. In the circumstances of Webroot ceasing trading a refund would be made to customers’ for the unused portion of their agreement and all data returned.
Should a Webroot Customer go into liquidation or administration, and a Customer of theirs request access to their data, we will (based upon proof of ownership and subject to any legal assignations or local regulatory restrictions) fully and timely comply with their request for their data.
In cases where a Customer’s assets are legally transferred to another entity we will return the Customer’s data to the new legal entity. Any discussions held with a Customer or their Customers’ as a result of their administration or liquidation will be sympathetically and fairly based around the terms within our standard terms of contract.
In addition to our commitment to the Cloud Industry Forum Code of Practice Webroot Services Limited is happy to provide relevant case histories and telephone customer references.
In addition full copies of our Master Services Agreement and SaaS Cloud solution SLAs may be found here: http://www.webroot.com/gb/en/master-service-agreement/
And, a Webroot Services Limited Cloud Industry Forum Customer Information Pack to clarify our key trading terms and conditions is available here.
SAS70 -1 - Audit conducted by KPMG on the Webroot Web Security Service - April 2011. This audit is available on request under NDA. This supports the Provisions for Information Security required under the CIF Code.
PCI DSS Payment Card Industry Data Security Standard – Webroot is fully PCI compliant and all staff are tested and Webroot is audited annually for adherence to PCI compliance. This standard of information handling reflects Webroot’s due care of all customer data and the Provisions for Information Security required under the CIF Code.
ISO 27001/2 - Webroot partners with Amazon and their EC2 infrastructure to deliver our SaaS solutions. AWS’ Security Team has established an information security framework and policy based on the COBIT framework and is transitioning to a framework based on ISO 27002 controls. AWS Security maintains the security policy, provides security training to employees, and performs application security reviews. These reviews assess the confidentiality, integrity, and availability of data, as well as conformance to the information security policy. They help to support the Data Protection and Provisions for Information Security required under the CIF Code.