Security
Bramble Trust Center
We take InfoSec seriously at Bramble. Security is front of mind for our entire team, from Engineering to Customer Success.
- Compliance is a priority for us, because we know how much security, privacy and accessibility matter to our customers.
- Our practical guide for all Bramble staff, covering how everyone, including external researchers, interfaces with our Security team.
- Learn about how we collect, use and share personal information, and the various policies we use to manage this data.
- The operational tools and practices we use to ensure continued availability and uptime of the Bramble SaaS platform.
Compliance
Key Policies and Procedures
A comprehensive security program providing assurance that data within Bramble is reasonably protected.
SOC 2 Certification
- Access Management Policy
- Principles of least privilege, and need-to-know.
- Audit Logging Policy
- How we log critical system activity.
- Business Continuity Plan
- Our contingency plans.
- Data Classification Standard
- Levels of protection for the data we process.
- Data Protection Policy
- Data Protection Impact Assessment (DPIA)
- InfoSec Management System
- Standards for our ISMS.
- Password Policy
- Strong requirements, MFA and general OpSec.
- Penetration Testing Policy
- Employing ethical hackers to do pentesting.
- Production Architecture
- Designed for resiliency and security.
- Security Control Framework
- Handling immediate and future security compliance needs.
- Security Incident Response Guide
- How we respond to, and manage, incidents.
- Vulnerability Management Policy
- Identifying vulnerabilities, securing environments.
Security
Everyone at Bramble takes responsibility for maintaining a level of security to support compliance and raising the bar of our security posture.
- Our Security Practices
- Security best practices that support our business operations, infrastructure, and product development.
- Security team overview
- How Bramble staff, and customers, can engage with our Security team.
- Incident Communication Plan
- We believe in communicating about security incidents clearly and promptly.
- Contact Security
- How Bramble staff, and customers, can engage with our Security team.
Privacy
How we handle personal data ensures Bramble is both compliant with legal and regulatory obligations and maintains the trust our customers have placed in us.
- Privacy Policy
- How we collect, use and share personal information.
- Our Privacy Processes
- A culture that respects and prioritizes privacy.
- Vulnerability Disclosure (VDP)
- How external researchers should report vulnerabilities.
- Personal Data Requests
- How we comply with requests under GDPR and CCPA.
Availability
Architected for resiliency, and monitored proactively.
- Monitoring
- How we monitor our live environments.
- Production Architecture
- A secure, flexible and scalable design.
- Incident Management
- How our Engineering team maintains speed and quality.
- Status
- Check current status here, or @brmbl_io_status