DMS Security Statement
Security Statement – DMS
This policy sets forth information security standards for the protection of client information through the Data
Management Solutions software.
Maintaining the confidentially and integrity of client information stored, processed, or transmitted is a requirement of all personnel. This policy applies to information in any format including electronic and hard copy.
The security policy ensures that:
- Information will be protected against unauthorized access.
- Confidentiality of information will be assured.
- The integrity of information will be maintained.
- Availability of Information for business processes will be maintained.
- All actual or suspected information security breaches will be reported and thoroughly investigated.
- Information security training is available for all employees.
- Procedures exist to support the policy, including virus control measures, passwords, and continuity plans.
The security of our client’s data is of utmost importance as we have and will continue to explore measures to ensure the safety of our client’s data. Our secure Data anagement Solution: Data Validation Tool web application has been thoroughly tested through Veracode’s cyber-security experts. This robust penetration and application security testing allowed Broker Builder Solutions, LLC to put parameters in place to mitigate risk and provide a sound portal for your data auditing and reconciliation needs.
All data is housed in an encrypted DigitalOcean managed database. Data is encrypted in transit with SSL
(secure sockets layer) and at rest with LUKS (Linux Unified Key Setup) with automatic updates with security patches.
Electronic Authorization & Application Hosting
Access to Data Management Solutions (DMS) is handled through Amazon Web Service (AWS) Cognito for user
authentication and control access authorization. Additionally, custom authorization code within the application for each API route exists so users can only access data from the organization and company they belong to.
Application hosting is within Vercel who is SOC2 Type 2 compliant. The data housed within the application is encrypted at rest (AES-256) and in transit (HTTPS / TLS), including sensitive information like access tokens and secrets.
Annual application security auditing and penetration testing is performed through Veracode to identify vulnerabilities and loopholes to prevent cyber-attacks such as SQL Injection and Cross-site scripting.