Security & Compliance

Software Solution Built on Trust

The security of our customer data is our top priority. When BrightEdge was founded in 2007, we built our SaaS technology with security as a founding principle, choosing to undertake the most stringent global security audits – the same audits that companies like Amazon, Microsoft, and Salesforce undergo. Core to BrightEdge is a foundation of secure, reliable, and scalable SaaS infrastructure security controls. BrightEdge’s commitment to security includes ensuring reliable and continuously available data.

Compliance

NIST Cybersecurity Framework

The NIST Cybersecurity Framework (CSF) is based on existing standards, guidelines, and practices for organizations to better manage and reduce cybersecurity risks. It is widely used by public and private organizations of all sectors and sizes around the world. BrightEdge has established an information security program that conforms to CSF, and its compliance is audited regularly.

NIST AI Risk Management Framework

In collaboration with the private and public sectors, NIST has developed a framework to better manage risks to individuals, organizations, and society associated with artificial intelligence (AI). BrightEdge uses the NIST AI Risk Management Framework (AI RMF) to improve its ability to incorporate trustworthiness considerations into the design, development, use, and evaluation of AI products, services, and systems.

ISO 27001:2022

The ISO/IEC 27001 standard provides companies of any size and from all sectors of activity with guidance for establishing, implementing, maintaining and continually improving an Information Security Management System (ISMS). Conformity with ISO/IEC 27001 means that an organization or business has put in place a system to manage risks related to the security of data owned or handled by the company, and that this system respects all the best practices and principles enshrined in this International Standard. We are dedicated to maintaining strict security standards to ensure that all data entrusted to us is handled with the utmost confidentiality and care.

ISO 27001:2022 Certified

ISO 27701:2019

ISO/IEC 27701 is designed to specify requirements and provide guidance for establishing, implementing, maintaining and continually improving a Privacy Information Management System (PIMS) in the form of an extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy management within organizations. Customer privacy and the protection of personal information are our top priorities.

ISO 27701:2019 Certified

SOC2

A SOC 2 examination is a report on controls at a service organization relevant to security, availability, processing integrity, confidentiality, or privacy. SOC 2 reports are intended to meet the needs of a broad range of users that need detailed information and assurance about the controls at a service organization relevant to security, availability, and processing integrity of the systems the service organization uses to process users’ data and the confidentiality and privacy of the information processed by these systems.

SOC2 Certified

Security

Built for Enterprise Security

Understanding that each customer may have unique security requirements, we have built customizable security features that allow customers to extend their existing security controls to the BrightEdge Platform. Our security features include, but are not limited to, SAML/SSO, a customizable password policy, and a lockout policy. To reinforce our commitment to information security, we undergo annual penetration testing performed by highly reputable security audit firms, proactively addressing vulnerabilities to safeguard our systems and data.

Privacy

Data Privacy Framework

The EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework were developed to facilitate transatlantic commerce by providing U.S. organizations with reliable mechanisms for personal data transfers to the United States from the European Union / European Economic Area, the United Kingdom, and Switzerland that are consistent with EU, UK, and Swiss law. BrightEdge complies with the Data Privacy Framework and is audited annually for its certification.

GDPR

The General Data Protection Regulation (GDPR) is a European Union law that was implemented May 25, 2018, and requires organizations to safeguard personal data and uphold the privacy rights of anyone in EU territory. The regulation includes seven principles of data protection that must be implemented and eight privacy rights that must be facilitated. It also empowers member state-level data protection authorities to enforce the GDPR with sanctions and fines. The GDPR replaced the 1995 Data Protection Directive, which created a country-by-country patchwork of data protection laws. BrightEdge is GDPR compliant.

CCPA

The California Consumer Privacy Act of 2018 (CCPA) gives consumers more control over the personal information that businesses collect about them, and the CCPA regulations provide guidance on how to implement the law. Although BrightEdge is a B2B software company and does not collect any personal information related to consumers, BrightEdge’s internal process is based on privacy principles that fully comply with CCPA, ensuring its commitment to data protection and user rights.
