Security guide

Use this page to understand security risks you may need to plan for, and Silverstripe’s security commitment.

This customer guide provides general security guidance intended to assist in the optimal use of our services. Users are responsible for implementing and maintaining their own security measures, and the guidance below does not transfer any responsibility or liability to Silverstripe.

Please note that commercial limitations and service level exclusions apply, as detailed under signed agreements.

For specific security needs and advice tailored to you, we recommend consulting with a qualified security professional.

Silverstripe’s security commitment

Silverstripe’s managed services provide service management, 24/7 monitoring, security assurance, and continuous improvement which aligns with ISO27001:2022 security standards. Our commitments are:

Customer security planning guidance

To achieve a high standard of security maturity, customers can add the following security risks to their security plans.

For more information on best practices for using and implementing Silverstripe Search, refer to Security Best Practices.

When planning your security around Silverstripe Search, please be aware of some key risks:

Event: You might cause private data to become publicly available when configuring a document’s field as public
Consequences: Your protected data may be unexpectedly disclosed
Silverstripe's commitment:
  • Awareness training/guides to support customers
  • Commercial terms to signal service boundaries
  • Data loss prevention security controls
  • Best effort support for security vulnerabilities in our SDKs
Recommendations:
  • Check implementations using Silverstripe’s SDKs for security assurance
  • Keep Silverstripe CMS and Silverstripe CMS modules up to date
  • Perform frequent reviews of public data configurations
  • Plan additional security controls to protect against data leakage

Event: Your data might be exfiltrated or leaked from Elastic, the Silverstripe Search dependency
Consequences: Your protected data may be leaked
Silverstripe's commitment:
  • Security evaluation of Elastic
  • Frequent security audits of our integrations to Elastic
  • Awareness training/guides for technical support
  • Dedicated security plans and controls for Elastic dependencies
Recommendations:
  • Perform frequent checks for information stored on Silverstripe Search to check that only the correct data is used

Event: An attacker may exploit an entry point to Elastic, the Silverstripe Search dependency
Consequences: Your protected data may be leaked
Silverstripe's commitment:
  • Role-specific training for all staff controlling or distributing access to Elastic tools
  • Frequent security access reviews
  • Configuration controls that govern access to Elastic tools
  • Dedicated security plans and controls for Elastic dependencies
Recommendations:
  • Keep access credentials updated with strong password security standards
  • Do not share accounts or access credentials
  • Perform frequent access reviews of accounts with access to Silverstripe Search

Security risk maturity

We recommend all customers implement security practices and planning:

Further support

Check the FAQ - Frequently asked questions.