BrightDoor Software Compliancy

BrightDoor understands that our clients must abide by privacy laws related to the handling of personal information.  Our role is to provide software tools and best practices for data security to ensure client compliance.

We provide security certifications as well as audit compliance performed by third parties. This includes:
• Digicert SSL Certified Privacy Seal
• SAS 70 Type II compliance

Corporate Policies
When it comes to our clients’ confidential information, BrightDoor has privacy policies that apply in all cases.
• BrightDoor agrees not to disclose any client information to anyone except the client’s designees.
• Our software hosted services agreements include confidentiality definitions that prohibit us from sharing client information except under situations when required by law.
• BrightDoor agrees to only gain access to a client’s information when required during technical support scenarios.
• All BrightDoor employees and contractors are required to sign and abide by a non-disclosure / confidentiality agreement prior to gaining employment.
• BrightDoor provides organizations and individual users the ability to update and make changes to information provided.

Best Practices
BrightDoor cares about the privacy of our clients’ information. To ensure we continue to focus on security, we offer the following programs.
• Internal training for BrightDoor personnel
• Account Managers can provide end-user training to ensure clients are taking appropriate security measures when utilizing our software. This extends to use of the BrightDoor Central API to sync information with BrightApps and third-party applications.

BrightDoor maintains technical measures to protect our software service and offers user settings to further heighten privacy and security protection.
• Connection to our software is via secure socket layer/transport layer security (SSL/TLS), ensuring that our customers have a secure connection to their information. Individual user sessions are uniquely identified and re-verified with each transaction.
• Client passwords are encrypted and not available to BrightDoor personnel.
• Application logs record the creator, last updater, timestamps, and originating IP address for every record and transaction completed.
• BrightDoor maintains each client database as a unique SQL instance (not a multitenant architecture). This ensures zero risk of information sharing between client instances.
• Multiple layers of external firewalls
• Vulnerability scanning performed at regular cycles
• BrightDoor’s software architecture is scalable and, utilizing SoftLayer’s industry-leading network backbone, offers a high degree of availability.
• All client information is continuously backed up to multiple points (including permanent Amazon S3 archiving). This ensures no loss of information in the event of a catastrophic outage.

Client Settings
Our clients have a high degree of control when applying roles and permissions to critical information.
• Clients can manage which of their users may access various categories of information (through the role group and permission settings).
• Clients may define log-off times for inactivity (set to 20 minutes by default).
• Clients may request IP Range filtering to specific locations (performed by the Account Manager on their behalf).

Please refer to the BrightDoor Data Hosting document for additional details on our production datacenter environment.