Compliance
Security, Compliance, Reliability & Privacy
Industry Frameworks for Trust and Security
Our organization’s controls are suitably designed and operating effectively to meet the applicable trust services criteria as well for industry frameworks.
SOC2
SOC 2 (System and Organization Controls) is a regularly refreshed report that focuses on non-financial reporting controls
SOC3
SOC 3 (System and Organization Controls) is a regularly refreshed report that focuses on internal controls
PCI - DSS
The Payment Card Industry's Data Security Standard is an information security standard for the handling of credit card information.
HITRUST
The HITRUST CSF is an industry-agnostic framework for regulatory compliance and risk management.
Vendor Management and Security Assessment Program
Our data centers, co-location, and managed service providers undergo a thorough security assessment as a part of the evaluation process and then undergo regular SOC1, SOC2 and/or ISO/IEC 27001, PCI and HITRUST audits thereafter. In the event these audits have material findings, which present risks to BraveSoft or our clients, we work closely with the vendor to track their remediation efforts until the issue has been resolved
SLA Response for Severity Issues
1
Minute SLA for Severity 1 Incidents
1
Hour Regular Update Communications
1
Minute on Average Incident Response