The security of BrandSync is built on 4 main pillars

[Diagram: BrandSync Security: People, Process, Product, Partners, Foundation]

Foundation

We believe that a robust security governance model is the foundation of every organization's sustainable security processes. This is why we build our security on industry best practices, adapting these practices to the nature and risk appetite of our business. We believe that security is not only a project, but a day-to-day activity. This is why our security model focuses on agility, efficiency and a pragmatic approach.

Governance of our security combines several industry standards. We use the NIST Cybersecurity Framework (CSF) to identify strategic goals and objectives. Tactical implementation is based on CIS benchmarks to secure our technology, and on the ITIL and ISO 27001 standards to ensure proper process and people management.

Our Information Security Goals, Objectives and Procedures are documented in a set of Policies available to our employees and also to our third parties. We include clauses in our agreements with third parties to ensure that they also follow our security approach.

BrandSync has an appointed CISO (Chief Information Security Officer) who is responsible for strategic direction and also supervises day-to-day operations. The CISO reports directly to our CEO.

People

Our people are a key element in our security. We conduct proper user onboarding to ensure that they are aware of our security principles and policies. All of our personnel are trained annually on security awareness and quarterly on specific security areas that are identified as part of our annual risk assessment. In addition, we perform more sophisticated social security tests.

Process

We have a wide set of processes to holistically build our security, which are documented and available to all of our personnel. Knowledge of our policies and procedures is acknowledged annually by each of our staff members. All of our assets and data are classified, and controls are in place that are appropriate to the classification of each asset.

Product

We implement the most cutting-edge technology to ensure proper security, integrity and availability of our platform. BrandSync is multi-cloud hosted to meet the highest availability requirements of our customers. Development of our software and systems has security embedded into the entire life cycle, which is validated by external scans and checks. Additionally, we perform red teaming activity on an annual basis.

Partners

Our security principles and policy statements are embedded in clauses of our agreement templates. We perform due diligence checks before we onboard any vendor; this includes completion of assessment questionnaires and compliance checks.

All of the above statements are verified by external auditors or other reputable organizations. We are an ISO 27001 compliant organization, which was confirmed by one of the largest accredited auditors, Dekra. Additionally, we are scanned monthly by RiskRecon, a Mastercard company, to verify that we ensure compliance with our internal procedures. Copies of the RiskRecon reports are available here.