Security & Data Privacy Compliance Information
Last update: January 18, 2023
Brightmerge cloud platform deployed using virtualized resources for its software-as-a-service solutions (“SaaS Solutions”).
Brightmerge SaaS Solutions is multi-tenant and logical access controls using authentication and roles to ensure the necessary separation between data from different clients. During the onboarding of a project into the platform, the data is anonymized, and specific elements, such as locations or names, are generalized.
Brightmerge have code conventions and standards, authentication, password policy, password storage etc. as well as API security which includes IP based access, TLS enforcement, CORS, etc and PCI DSS Level 1 compliance for our platform hosted on Amazon Web Services (AWS), Microsoft Azure. Brightmerge maintain high code standards, DB and static analysis mechanisms to ensure compliance with OWASP Top Ten.
Write access to Brightmerge SaaS production source code is limited to the engineering staff. Anti-malware scans are performed during all build processes.
Additionally, Brightmerge uses industry standard practices and relies on its 15 years of experience operating highly secure SaaS solutions for security controls such as intrusion detection, change management, automated source-controlled configuration management, and formal security policies and procedures.
Brightmerge uses multiple monitoring processes and tools to continuously track network resources, operating systems, applications and capacity. Systems are load balanced and scaled up when predetermined capacity thresholds are reached.
Password complexity rules and account lockouts are enforced in all environments to protect against brute force dictionary attacks or other passwords threats.
Brightmerge periodically reviews employee access to internal systems. Reviews ensure that employees’ access rights and access patterns are commensurate with their current positions.
ISO/IEC 30163:2021 specifies the system requirements of an Internet of Things (IoT)/Sensor Network (SN) technology-based platform for chattel asset monitoring supporting financial services, including: - System infrastructure that describes functional components; - System and functional requirements during the entire chattel asset management process, including chattel assets in transition, in/out of warehouse, storage, mortgage, etc.; - Performance requirements and performance specifications of each functional component; - Interface definition of the integrated platform system. This document is applicable to the design and development of IoT/SN system for chattel asset monitoring supporting financial services.