
Data Security

Updated January 01, 2025

We take our customers’ data security very seriously and have extensive experience serving enterprise clients with complex security requirements globally. This statement covers key elements of our data security policy.

We use enterprise-grade, world-class data centers

Brazos Safety Systems, LLC (“Brazos”) leverages virtual and physical infrastructure hosted and managed by Microsoft Corporation (“Microsoft”) which includes secure data centers and advanced data protection technology.

Microsoft continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Microsoft data center operations have been accredited under:

  • ISO 27001 and ISO 27017/27018
  • SOC 1, SOC 2 and SOC 3 / SSAE 16 / ISAE 3402 (previously SAS 70 Type II)
  • PCI DSS Level 1

Microsoft also gives particular attention to complying with new or changing regulations in the US and EU, such as:

  • Sarbanes-Oxley (SOX)
  • HIPAA
  • Safe Harbor / Privacy Shield
  • EU Data Protection Directive (GDPR)

A full list of Microsoft’s certifications is available here.

Passwords are stored securely

All user passwords are hashed. Hashing means we store only a one-way hash of each password, not the password itself, so neither we nor anyone else has access to the original passwords. Even if our database were compromised, everyone’s passwords would stay secure.

Data is encrypted in transit

All communication between the client’s browser and Portside servers is over secure HTTP (HTTPS), using the industry standard Transport Layer Security (TLS). Portside accepts only current, secure versions of TLS: we use TLS 1.2 and 1.3 with cipher suites recommended by the U.S. Department of Commerce, National Institute of Standards and Technology (details can be found here).

Data is encrypted at rest

All account data that is not moving through the network is encrypted while “at rest” in the database. We encrypt all data using 256-bit AES encryption. This ensures that even if access to our databases is compromised, the intruder will not be able to gain access to customer data.

System and operational security

We protect our system infrastructure by using dedicated firewall and VPN services to block unauthorized system access. Firewalls on all servers are set to default-deny. Database connections are only accepted from other Portside servers on the internal virtual private network.

All communication with servers (outside of public HTTPS access) is over encrypted secure shell (SSH), and password authentication is disabled. SSH authentication is permitted only via public/private key authentication.

We strive to keep all server software on the latest version; where that is not possible, we ensure that the latest security patches are installed and kept up to date.

Access is logged

We log all user activity in the application, as well as any systems access by our employees, using Microsoft Azure services. An audit log is maintained and is reviewed periodically.

Employee access restrictions

All employees are required to sign a confidentiality agreement. Tight system access controls are enforced, and no Brazos employee is able to access customer data unless specifically required to do so for support purposes. Even then, only specially designated senior technical employees have the necessary access permissions. Any system access is logged and tracked for auditing purposes. We enforce two-factor authentication both for infrastructure access and for the code repository.

Customer data separation

Brazos has been carefully designed to separate customer data and to prevent even inadvertent disclosure of data from one user to another. User account permissions and roles are enforced at the server and database level to prevent malicious users from escalating their privileges. We carefully design all new features to prevent potential attacks such as SQL injection and cross-site scripting (XSS).

Backup policy

All data is physically stored on servers in the United States. Backups are performed automatically by Microsoft, and the database can be restored to any point in time in the past 30 days.

Anti-virus scanning

Brazos automatically scans all uploaded files for viruses. This helps prevent malicious files from being uploaded and shared with other users in the account. If Brazos detects a virus in a file, we reject the upload and notify the user.

We do not store payment details

Brazos does not store or process payments. All payments go through an institutional-grade, enterprise payment-processing partner that is PCI DSS compliant to the most stringent standards.

Penetration and vulnerability testing

Brazos conducts annual third-party penetration testing on its systems to validate and confirm that there are no technical vulnerabilities that may have been missed.