Buzzle is in the process of preparing for a Service Organization Controls audit (SOC 2) with the help of a security vendor.
Buzzle runs package dependency security scans daily as well as container vulnerability scans on a weekly basis.
As part of our software development process, we follow best practices surrounding code deployment and change order management. All code and configuration changes are required to undergo a thorough review. Changes must be deployed and validated in testing environments before deployment to production. We strive to develop code that follows OWASP (Open Web Application Security Project) best practices.
Encryption is used to protect data within Buzzle systems. Data in transit utilizes 256-bit TLS encryption. Data at rest, including backups, is encrypted using Advanced Encryption Standard (AES-256).
Buzzle uses Amazon Web Services (AWS) as our cloud provider for hosting infrastructure. More information about physical security of AWS data centers can be found here.
Security updates and patches are regularly installed to keep servers up to date. Restrictive firewalls and role-based policies are used to protect Buzzle infrastructure.
Buzzle implements extensive service monitoring and 24x7 support to ensure reliability. Geo-redundant database backups and multi-region managed services are utilized to ensure data durability. Buzzle also maintains business continuity and disaster recovery plans in case of an emergency.
All employees undergo a background check by a third-party provider in accordance with local law. Security training is required annually for all employees, covering topics such as data privacy, information security, and password security.
Buzzle follows the practice of “least privilege”, meaning employees only have access to systems which are necessary to perform their job. Quarterly access reviews are conducted for each employee.
Employee computers are required to have the following configuration: full-disk encryption, strong passwords, automatic locking and enforced OS updates.
Buzzle maintains separate environments for development, staging and production.
Customer data is hosted in a multi-tenant environment. Role-based access control is used to segregate data by customer, ensuring that customer data cannot be exposed to unauthorized users from other organizations.