BombBomb Security Practices
Security is an essential part of our business and is embedded in everything we do. Keeping your data safe is a top priority. Security and compliance are achieved through a variety of processes and practices that we employ:
- Application Security: Our application is regularly tested by staff for vulnerabilities, both with automated tools and by manual vulnerability testing. Any security threat we identify is fixed in a timely manner. Access to the application is monitored by Security staff.
- Network Security: We use a variety of logging and detection systems to monitor our corporate infrastructure. Our Security team is on call 24 hours per day to respond to network and security alerts. Our network is also regularly tested by staff for vulnerabilities. Any threats are remediated and patched in a timely manner.
- Physical Security: Our application is hosted in U.S.-based data centers that hold the following compliance certifications: ISO 27001, PCI/DSS, SOC 2, SOC 3. All access to these data centers is tightly controlled and monitored 24 hours per day. All access to our corporate offices is restricted to authorized users only. Access to our facility is also monitored by security staff 24 hours per day.
- Availability: We monitor uptime across every service in our infrastructure. We use this data to continually improve our availability and service quality. We also employ an Incident Response Plan to manage threats to availability. We routinely conduct Disaster Recovery planning to prepare for any potential issues that could arise.
- Data Security & Integrity: Communication over public networks is encrypted using TLS. Data at rest is encrypted using a minimum of AES-256.
- Auditing & Compliance: We possess the SOC 2 Type I certification, which was conducted and attested to by a third-party auditing firm. We adhere to the U.S. – E.U. Privacy Shield & U.S. – Swiss Safe Harbor programs. We regularly conduct internal testing on a variety of critical application and network processes to look for vulnerabilities and find opportunities to improve our operations.
- SOC 2 Type I: This is available for current and potential customers upon request, provided an NDA has been signed.
- E.U. – U.S. and Swiss – U.S. Privacy Shield certification: For more information about our Privacy Shield certification, please visit the Privacy Shield website.
For more information, please contact us at email@example.com.