Reliability

Tracking Cellebrite resources is a key component of our cybersecurity strategy. Every critical asset is assigned an owner, with accountability closely monitored. When hardware is replaced, software updated or resources modified, Cellebrite enforces processes to ensure all critical assets remain updated and secure.

Cellebrite follows the principle of least privilege by restricting configuration changes within our security systems to authorized security engineers. We use configuration management tools in our production environments to control server configurations and changes. All critical changes undergo thorough review and approval in accordance with our change management process.

Security monitoring is a combination of systems and people. Cellebrite has various security monitoring solutions to identify potential exposures and risks.

The Cellebrite Security Operations Center (SOC) team monitors and responds to security threats and monitors our critical assets, systems, and network to properly detect and identify any suspicious activity or anomalies. In the event of a potential security incident, our analysts are trained to quickly assess the risk and act based on our Incident response policy and playbooks.

Cellebrite policies ensure that engagements with third parties are, where applicable, subject to a review and approval process by Cellebrite procurement and security teams. The third parties are required to comply with security requirements as a part of the engagement process.

Cellebrite has a formalized Incident Response Plan (IRP) which is validated periodically and annually exercised. The IRP outlines the process of security incident identification, classification and management including a post-incident debrief.

At Cellebrite, our foremost priority lies in safeguarding the continuity of our business operations and facilitating swift recovery processes to ensure seamless service availability. By identifying and mitigating potential threats and vulnerabilities, we strive to minimize interruptions to critical functions during and after incidents. Our production services are strategically hosted on AWS across multiple availability zones, bolstering redundancy and guaranteeing operational resilience in the face of data center outages. Moreover, we prioritize data resilience by storing backups across diverse geographic regions, enabling rapid service restoration in the event of regional disasters. Our unwavering commitment to business continuity and recovery underscores our dedication to delivering dependable and uninterrupted services to our valued customers, even amidst unforeseen challenges or calamities.

Cellebrite maintains a global Disaster Recovery Program (DRP) which is reviewed, tested and updated periodically. To prevent data loss, Cellebrite performs continuous data replication and backup across all data centers. Our DRP ensures the consistent performance of critical services and minimizes data loss in the event of a natural disaster or system failure. Cellebrite operates a backup program to ensure the restoration of scoped business data, in case required. Cellebrite’s vast business applications are SaaS-based to ensure high service availability and continuity of services.