Security
How we keep our data secure
BSC Analytics practices what we implement for our customers. Our technologies, policies, and procedures meet or exceed industry-standard requirements. Our team of security and compliance experts enables us to meet or exceed rigorous privacy and security standards. Our vendors must, at minimum, comply with industry standards as well.
Data Hosting
AWS
AWS supports more security standards and compliance certifications than any other offering, including PCI-DSS, HIPAA/HITECH, FedRAMP, GDPR, FIPS 140-2, and NIST 800-171, helping customers satisfy compliance requirements for virtually every regulatory regime around the globe.
Encryption
All employee and customer data held by BSC and approved vendors is encrypted at rest, and all traffic is encrypted in transit using TLS SHA-256 with RSA encryption.
Security and Compliance programs
People
Background Checks
All BSC employees go through a thorough background check before hire.
Training
Our practice is to retain only the minimum amount of customer data needed to serve our customers. We limit internal access to properly cleared employees on a “need-to-know” basis. All employees are trained on security and data handling procedures to ensure that they uphold our strict commitment to the privacy and security of our customers’ data.
Confidentiality
All employees sign a confidentiality, non-disclosure and security agreement before beginning work with BSC Analytics.
Reliability and Redundancy
Business continuity and disaster recovery
BSC Analytics has business continuity and disaster recovery plans in place that replicate our systems and are tested regularly.
Software Development Lifecycle
Routine Audits
BSC Analytics continuously scans our systems for security vulnerabilities and alerts our team to take the appropriate action. Additionally, we audit our access to systems regularly.
Vulnerability Control
We secure our employees’ machines and laptops using mobile device management to ensure that each device follows our information security standards, including encryption.
Malicious Software Prevention
Our employees’ equipment is defended by industry-leading, next-generation anti-malware software. We also conduct routine phishing, social engineering, and penetration tests to further educate and train employees.
Vulnerability scanning
We keep our systems up to date with the latest security patches and continuously monitor for new vulnerabilities through compliance and security mailing lists. This includes automatic scanning of our code repositories for vulnerable dependencies.
Application Security Measures
Authentication – Login credential protection
BSC Analytics supports SAML-based single sign-on (SSO) with 2-factor authentication (2FA).
Security Details
Certifications and Compliance
SOC 2 Type 2
SOC 2 is the gold standard for security compliance. We have obtained SOC 2 Type 2 certification for our commitment to establish and follow security policies and procedures.
PCI Compliant
We are PCI compliant through our payment processor, which encrypts and stores credit card details.