One of the main objectives of the Code is to help ensure disclosure of essential information so that consumers of Cloud Services can make better business decisions based on this information. The information on this page addresses the public disclosure requirements of the Code.
Company Name: Webroot Services Limited
Contact: Mr. George Anderson
Title: Product Marketing, EMEA
+44(0) 203 349 2224
Address: Venture House, Arlington Square, Bracknell, Berkshire RG12 1WA UK
Webroot Services Limited is a privately held company and is a wholly owned subsidiary of Webroot Inc. based in Broomfield Colorado USA. Webroot is backed and owned by some of the security software industry’s leading venture capital firms, including Technology Crossover Ventures, Accel Partners and Mayfield.
Board members include Dick Williams, President and CEO; Steve Cakebread; Quentin P. Gallivan; Theresia Gouw Ranzetta; Jake Reynolds and Robin Vasan. The Webroot Inc. Senior Executive Management Team consists of Dick Williams, CEO; John Post, CFO; Chris Benham, CMO; Mike Malloy, Executive VP of Products and Strategy; Kenton Sieckman,VP of Worldwide Service and Support; and David Huberman, General Counsel.
Webroot Services Limited was formed in November 2002 as a limited company and is registered in England as company number 4597759.
The Cloud Industry Forum Code of Practice applies to Webroot’s SaaS (Software as a Service) cloud-based security solutions, and add-on services, offered through Webroot Services Limited and exclusively contracted with customers in the UK and Ireland.
The security solutions covered under the CIF code of practice are:-
Our SaaS cloud services are suitable for all public and private vertical sectors. For datacenter resilience and roaming and mobile user performance we operate a global infrastructure based in the UK, USA, Ireland, Australia, Sweden and Singapore. Local sales and support from Webroot Services Limited is available in the UK and Ireland.
Within our email services Customer’s data is by default kept within the EU to clarify legal jurisdiction.
Webroot are not members of the Cloud Security Alliance and have not participated or completed the Consensus Assessments Initiative Questionnaire. Details of our Security arrangements are however available on request, under NDA.
Webroot Services Limited has completed the Self-Certification against the ‘Code of Practice for Cloud Service Providers’ (the ‘Code’) of the Cloud Industry Forum (‘CIF’, at www.cloudindustryforum.org), which the mark above demonstrates. Clicking on the mark will take you to the CIF website where supporting information for this Certification is available.
Webroot Services Limited is committed to the Code. One of the main objectives of the Code is to help ensure disclosure of essential information so that consumers of Cloud Services can make better business decisions based on this information. The information on this page addresses the public disclosure requirements of the Code.
NOTICE: While Webroot Services Limited has made the commitment to the Code and has been self-certified as compliant with the Code, customers/third parties shall note that information or certification provided by the Cloud Industry Forum does not constitute advice from or endorsement by the Cloud Industry Forum. The Cloud Industry Forum disclaims any and all liability arising out of the use of services or otherwise of certified organizations. Where disclosed information or capabilities as specified by the Code of Practice are essential in purchasing cloud services from a certified organization, it/these should be cited contractually. Professional advice appropriate to specific circumstances should always be obtained.
Webroot accepts direct responsibility for all aspects of its SaaS cloud services provision, including those of our third parties, under the standard terms and conditions laid out within our Customer contracts.
We provide Customers’ with guaranteed SLA’s around the availability and resilience of our services that as a minimum guarantee 99.99% uptime. And, to avoid service or technical failures in our supply chain, Webroot operates our ‘cloud’ based services through different hosting providers. Architecturally, we operate Primary, Secondary and Tertiary processing in different locations to ensure no single points of failure and the continuous high availability of our SaaS services.
Webroot’s suppliers do not have a direct or indirect responsibility to Webroot’s Customers apart from under the terms laid out under our Master Services Agreement. In the circumstances of Webroot ceasing trading a refund would be made to customers’ for the unused portion of their agreement and all data returned.
Should a Webroot Customer go into liquidation or administration, and a Customer of theirs request access to their data, we will (based upon proof of ownership and subject to any legal assignations or local regulatory restrictions) fully and timely comply with their request for their data.
In cases where a Customer’s assets are legally transferred to another entity we will return the Customer’s data to the new legal entity. Any discussions held with a Customer or their Customers’ as a result of their administration or liquidation will be sympathetically and fairly based around the terms within our standard terms of contract.
In addition to our commitment to theCloud Industry Forum Code of Practice Webroot Services Limited is happy to provide relevant case histories and telephone customer references.
In addition full copies of our Master Services Agreement and SaaS Cloud solution SLAs may be found here: http://www.webroot.co.uk/En_GB/land-master-service-agreement.html
And, a Webroot Services Limited Cloud Industry Forum Customer Information Pack to clarify our key trading terms and conditions is available here.
SAS70 -1 - Audit conducted by KPMG on the Webroot Web Security Service - April 2011. This audit is available on request under NDA. This supports the Provisions for Information Security required under the CIF Code.
PCI DSS Payment Card Industry Data Security Standard – Webroot is fully PCI compliant and all staff are tested and Webroot is audited annually for adherence to PCI compliance. This standard of information handling reflects Webroot’s due care of all customer data and thwe Provisions for Information Security required under the CIF Code.
ISO 27001/2 - Webroot partners with Amazon and their EC2 infrastructure to deliver our SaaS solutions. AWS’ Security Team has established an information security framework and policy based on the COBIT framework and is transitioning to a framework based on ISO 27002 controls. AWS Security maintains the security policy, provides security training to employees, and performs application security reviews. These reviews assess the confidentiality, integrity, and availability of data, as well as conformance to the information security policy. They help to support the Data Protection and Provisions for Information Security required under the CIF Code.
Copyright 2004 - 2013 Webroot Inc.