Security

Latest Update: February 14th, 2024

At Bryq, we take security and availability very seriously. Below is an overview of the measures and precautions we take to secure our customer data and keep it safe. 

Service Status

You can monitor the status of Bryq services from our status page.

Vulnerability Disclosure Program

You can find details on our Responsible Disclosure page.

Third-Party Auditing 

Bryq undergoes both SOC 2 Type II and ISO 27001 audits annually, verified by third-party auditors. Our certification reports for both SOC and ISO are available to our customers upon request.

We contract third-party security auditors annually for penetration testing and vulnerability assessments, which comprise a variety of activities such as infrastructure testing and testing for OWASP and WASC vulnerabilities.

Infrastructure

Bryq’s computing infrastructure is provided by Amazon Web Services, a secure cloud services platform. Amazon’s physical infrastructure has been accredited under ISO 27001, SOC 1/SOC 2/SSAE 16/ISAE 3402, PCI Level 1, FISMA Moderate, and Sarbanes-Oxley.

Access to our infrastructure is tightly controlled and monitored. In addition to strong security controls, we make sure that the data we collect remains available through daily backups, and is retained for 30 days.

Applications

All communications between clients and our servers enforce HTTPS and are encrypted with 256-bit SSL/TLS encryption. Passwords are always encrypted and never stored in cleartext.

All data access is protected by a role-based access-control mechanism, which only lets users view data for which they have permission. Users can’t view data from organizations other than their own.

All stored data is encrypted at rest using 256-bit Advanced Encryption Standard (AES-256).

Internal Processes

Only authorized staff have access to our production infrastructure, and that access requires strong authentication. We limit access to customer data to the employees who need it to provide support and troubleshooting on the customer’s behalf. Accessing customer data is done solely on an as-needed basis.