Security
Latest Update: February 14th, 2024
At Bryq, we take security and availability very seriously. Below is an overview of the measures and precautions we take to secure our customer data and keep it safe.
Service Status
You can monitor the status of Bryq services from our status page.
Vulnerability Disclosure Program
You can find details on our Responsible Disclosure page.
Third-Party Auditing
Bryq undergoes both SOC 2 Type II and ISO 27001 audits annually, verified by third-party auditors. Our certification reports for both SOC and ISO are available to our customers upon request.
We contract third-party security auditors annually for penetration testing and vulnerability assessments, comprising a variety of activities, such as infrastructure testing and targeting OWASP and WASC vulnerabilities.
Infrastructure
Bryq’s computing infrastructure is provided by Amazon Web Services, a secure cloud services platform. Amazon’s physical infrastructure has been accredited under ISO 27001, SOC 1/SOC 2/SSAE 16/ISAE 3402, PCI Level 1, FISMA Moderate, and Sarbanes-Oxley.
Access to our infrastructure is tightly controlled and monitored. In addition to strong security controls, we make sure that the data we collect remains available through daily backups, and is retained for 30 days.
Applications
All communications between clients and our servers enforce https and are encrypted with 256-bit SSL/TLS encryption. Passwords are always encrypted and never stored in cleartext.
All data access is protected by a role-based access-control mechanism, which only lets users view data for which they have permission. Users can’t view data from organizations other than their own.
All stored data is encrypted at rest using 256-bit Advanced Encryption Standard (AES-256).
Internal Processes
Only authorized staff have access to our production infrastructure and require strong authentication. We limit access to customer data to the employees who need it to provide support and troubleshooting on the customer’s behalf. Accessing customer data is done solely on an as-needed basis.