Security

Latest Update: May 17, 2021

At Bryq, we take security and availability very seriously. Below is an overview of the measures and precautions we take to secure our customer data and keep it safe. 

 

Third-Party Auditing 

Bryq undergoes SOC 2 Type II audits annually, verified by third-party auditors.

 

We contract third-party security auditors annually for penetration testing and vulnerability assessments, which comprise a variety of activities, such as infrastructure testing and targeting OWASP and WASC vulnerabilities.

 

Infrastructure

Bryq’s computing infrastructure is provided by Amazon Web Services, a secure cloud services platform. Amazon’s physical infrastructure has been accredited under ISO 27001, SOC 1/SOC 2/SSAE 16/ISAE 3402, PCI Level 1, FISMA Moderate and Sarbanes-Oxley.

 

Access to our infrastructure is tightly controlled and monitored. In addition to strong security controls, we make sure that the data we collect remains available through daily backups, and is retained for 30 days.

 

Applications

All communications between clients and our servers enforce HTTPS and are encrypted with 256-bit SSL/TLS encryption. Passwords are always encrypted and never stored in cleartext.

 

All data access is protected by a role-based access-control mechanism, which only lets users view data for which they have permission. It’s impossible for users to view data from organizations other than their own.

All stored data is encrypted at rest using 256-bit Advanced Encryption Standard (AES-256).

 

Internal Processes

Only authorized staff have access to our production infrastructure, and that access requires strong authentication. We limit access to customer data to the employees who need it to provide support and troubleshooting on the customer’s behalf. Accessing customer data is done solely on an as-needed basis.