Security

Our focus on security goes beyond a feature checklist: it’s a point of pride. All C-Work clients (web, mobile, desktop, terminal, and integrations) require TLS encryption and authentication over HTTPS for all data transmission between clients and the server, both on LAN and the Internet.

Secure and Encrypted Meetings

Keep your conversations secure with Restricted Meetings and by having all content in transit encrypted using AES-256 GCM.

Enterprise-Grade Security

C-Work is used by some of the most security-conscious organisations in the world.

Secure Messaging

Message content can be excluded from mobile push notifications, to avoid displaying message content on locked mobile screens, and to comply with strict compliance policies such as the USA’s HIPAA standards.

Configurable Access Control Policies

C-Work supports private messages (to one or more individuals), private streams with any number of subscribers, as well as public streams available to all organisation members.

Limited Features for New Users

C-Work can limit the features that new users have access to until their accounts are older than a configurable waiting period.

Password Strength

C-Work uses the zxcvbn password strength checker by default, and supports customising users’ password strength requirements.

Roles and Permissions

Invite users and manage what they can do, their default channels, and deactivate access.

Single Sign-On (SSO)

SSO allows you to authenticate users in your own systems without requiring them to enter additional login credentials.

Software Development Lifecycle (SDLC) Security

C-Work implements human review processes in order to ensure consistent quality in our software development practices.

Account Credentials

Users can rotate their accounts’ credentials, blocking further access from any compromised C-Work credentials. With C-Work on-premise, server admins can additionally revoke and reset any user’s credentials.

Message Retention Policy

By default, C-Work stores messages indefinitely, allowing full-text search of your complete history. It supports configuring both a global organisation-level message retention policy, as well as retention policies for individual streams.