Trust
Our top priority is the privacy and security of Calix products. We are committed to protecting all information entrusted to us from known risks and emerging threats. Our team continuously monitors global regulatory developments and technology industry practices to meet or exceed market requirements wherever Calix does business.
‘Security by Design’ is our product foundation
Security by Design principles
The principles of Security by Design are an essential component to building, implementing, and maintaining Calix’s Product Security program.
- Security is everyone’s responsibility. Every participant in product development, from Product Line Leaders to Engineers, is responsible for meeting security requirements at every stage of the development lifecycle. Product Security Architects partner with each development team to ensure all threats are understood and mitigated, and Security Champions provide subject matter expertise within each team to scale security knowledge and oversight.
- The secure path is the default. All product configurations should provide the most secure option as the default path.
- Always be cautious. We assume every outside system is malicious, and we expect our customers to make the same assumption of our environment. We should not be dependent on security controls within our customers' or their subscribers' environments to deliver a secure product experience.
- Product security covers the entire product. We review all uses of third-party components, including open-source libraries and development environments.
- Continuous testing, continuous response. We continuously monitor, assess, and improve the security of our products throughout their lifecycle, and we welcome community reports of security issues through our Coordinated Vulnerability Disclosure program.
‘Privacy by Design’ is our product blueprint
Privacy by Design principles
The principles of Privacy by Design are essential to building, implementing, and maintaining Calix products.
- Privacy is proactive, not reactive. We anticipate and address privacy risks in advance so we don’t have to address them after they have become a real threat.
- Privacy as the default setting. We limit data collection and retention to the minimum necessary to accomplish the intended purpose.
- Privacy embedded into design. We embed privacy protections into product design and configure our infrastructure with privacy considerations in mind.
- End-to-End Protection. We secure data throughout its lifecycle—from collection and creation to destruction.
- Visibility and transparency. We handle data according to our stated purpose and keep all relevant stakeholders aware of what we are doing with it.
- Respect for user privacy. We keep individual users at the forefront and strive to give them more control over what happens with their personal information.
