Security Certifications
BixBeta performs various audits to maintain adherence to industry standard best practices.
BixBeta is now following the procedures to obtain a SOC 2 Type 2 certification. This confirms our measures to maintain the ongoing security of our customers' data.
The SOC 2 audit employs the Trust Services Criteria established by the Assurance Services Executive Committee (ASEC) of the AICPA. These criteria assess the appropriateness of BixBeta's controls in terms of security, availability, processing integrity, confidentiality, and privacy of information and systems.
Data Center & Network Security
BixBeta stores all its software in Amazon Web Services (AWS) located in the USA. Amazon offers a comprehensive range of compliance and regulatory certifications, including SOC 13 and ISO 27001.
BixBeta's servers are housed within a secure virtual private cloud (VPC) and protected by strict security groups that permit only necessary communication between the servers.
BixBeta undergoes third-party network vulnerability scans on an annual basis at minimum.
Data Security
All connections to BixBeta are secured through SSL encryption, and any HTTP connection attempts are redirected to HTTPS. Customer data is encrypted both in storage and during transit.
System passwords are encrypted using AWS KMS with restricted access to specific production systems. We use industry-standard data storage systems hosted at AWS.
Data access and authorization are granted based on the principle of least privilege and only as required. Access to the AWS production system is limited to approved personnel only.
Customers of BixBeta can set a data retention period, and after the contract terminates, customer data is removed from BixBeta systems.
Security Policies
BixBeta's security policies are maintained, communicated, and approved by management to ensure everyone clearly knows their security responsibilities.
BixBeta policies are audited annually as part of its SOC 2 certification.
The employee hiring process includes background checks.
Code development follows a documented Secure Development Life Cycle process. The security team reviews the design of all new product features. BixBeta mandates code reviews for code changes and regularly performs in-depth security assessments of its architecture and critical code. The development and testing environments at BixBeta are distinct from the production environment.
Vulnerability Disclosure Process - BixBeta considers security as a fundamental aspect of our platform. Maintaining the confidence of our customers is of utmost importance, so we hold ourselves accountable to the highest security standards.
Application Security
Web application architecture and implementation follow OWASP guidelines.
In addition to BixBeta's internal testing program, BixBeta conducts application penetration testing by a third-party at least annually.
Single sign-on (SSO) allows you to authenticate users without requiring them to enter login credentials for your BixBeta instance.
Audit logging lets administrators see when users last logged in and what features they used.
Application Monitoring
All access to BixBeta applications is logged and audited. Logs are kept for at least one year and BixBeta maintains a formal incident response plan for major events.
Report an Issue
If you have discovered a security issue that you believe we should know about, we would love to hear from you. Please reach out to us at info@bixbeta.com
