— Security Protocols —
At Botkeeper, your security is our highest priority
Botkeeper Maintains SOC 2 Type 2 Accreditation.
Botkeeper’s automated bookkeeping solution takes security seriously, with industry-standard SOC 2 Type 2 accreditation, two-factor authentication, and 256-bit encryption for data at rest and data in transit.
SOC 2 Type 2 accreditation means:
- Botkeeper has the required data security controls in place to protect customer data against unauthorized access.
- Botkeeper can detect anomalies and security incidents across its entire ecosystem.
- In addition to preventing risk situations, Botkeeper can quickly repair damage and restore functionality in the event of infrastructure or system failures.
- Botkeeper’s security controls are both correctly designed AND function as intended.
Botkeeper’s SOC 2 Type 2 accreditation is granted by a reputable, best-in-industry independent third party, and Botkeeper renews the report annually with continuous testing. That means any information shared with Botkeeper is protected to the highest current standards, and you can rest easy knowing your data is in good hands.
We follow up-to-date security best practices
Security at Botkeeper is never set-and-forget
Our security team does far more than lay out and implement a security policy; they monitor trends and threats in the digital world, continuously adapting our flexible and robust security protocols to provide maximum protection. Our systems and staff experience ongoing testing and checking to ensure security compliance and best practices. Our staff is regularly trained and re-trained on appropriate security protocols, and we employ penetration testing to confirm the efficacy of our solutions.
Our security platforms, policies, and processes
Dedicated to comprehensive security
Our data protocols include 256-bit encryption as well as several other best-in-class security protocols, including background checks, biometrics, and extensive permissions. All of our systems and databases are located in AWS data centers within the US, plus we own our IP. Our policies and procedures are regulated by US law. Botkeeper maintains SOC 2 Type 2 attestation and renews it annually.
Personal information should stay that way
We take every precaution to protect you
We do not collect any personal information about you unless you voluntarily provide it to us, and we do not sell, rent, or lease your personal information to third parties without your consent. We secure your personal information from unauthorized access, use, or disclosure, using the following methods for this purpose: SSL Protocol, Two-Factor Authentication, and Database Encryption.
Vulnerability management
Our Vulnerability Disclosure Program keeps everyone safer
At Botkeeper, we value the role that security researchers play in maintaining and improving the security of our platform. Recognizing the importance of collaborative security efforts, we engage with a global community of ethical hackers and security researchers through our Vulnerability Disclosure Program (VDP). Our VDP is designed to encourage responsible disclosure, providing a safe channel for reporting vulnerabilities directly to our security team. If you think you’ve found a vulnerability in the Botkeeper platform, reach out to us via our VDP program page.
Continuous monitoring
These are the controls we continuously monitor.
- App Security
  - Annual Penetration Test
  - Code Review Process
  - Employee Disclosure Process
  - Secure Software Development Lifecycle
  - Web Application Firewall
- Data Security
  - Daily Database Backups
  - Encryption at Rest
  - Security Policy
  - SSL/TLS Enforced
  - System Access Control Policy
- Infrastructure Security
  - Cloud Data Storage Restricted
  - SSO Integration for Web-Based Admin Access
  - Password Policy
  - Security Patches Automatically Applied
- Network Security
  - Denial of Public SSH
  - Malware Detection Software
  - Unique Accounts Used
- Organization Security
  - Code of Conduct
  - Disaster Recovery Plan
  - Incident Response Plan
  - Incident Response Team
  - Security Training
- Product Security
  - Production Infrastructure Monitored & Alarmed
  - Hard-Disk Encryption
  - MFA on Accounts
  - Databases Monitored & Alarmed
  - Session Lock