We deploy best-in-class practices and tools to maintain security on all levels.
Brassica maintains strict role-based access control across all our internal and external systems. Access to all critical services requires SSO or multi-factor authentication where available.
An annual independent audit of policies and procedures is conducted at Brassica. This includes reviewing the Information Security Policy, Third-Party Risk Management Policy, Business Continuity Policy, Incident Response Policy, and data privacy practices.
Brassica continuously performs internal vulnerability scans to identify and remediate potential system vulnerabilities. Regular risk assessments are conducted to ensure a comprehensive understanding of security, availability, and privacy risks in products and services.
Brassica implements third-party management policies and procedures to protect assets and data accessible by vendors, ensuring information security and service delivery standards are met.
Brassica conducts background checks on all applicants selected for full-time employment.
All Brassica employees are required to complete annual security training.
Brassica is committed to compliance with all applicable financial and data privacy laws.
Brassica conducts an annual external independent audit covering penetration testing, vulnerability scans, and information security.
Brassica collects audit trails, covering every write operation in Brassica’s ecosystem.
Brassica encrypts all data with the strongest encryption available, meeting at least the AES-256-GCM and TLS 1.2 standards.
Brassica uses a Tier 1 Cloud Provider to host fully segregated sandbox and production environments.
Brassica uses ACLs and Web Application Firewalls amongst other network security tools to audit and detect abnormal behavior.
Customer tokens restrict API resources to only what is enabled for a specific customer, and limit token exposure to individual customers. API tokens are set to automatically expire in one year. Brassica lets you customize expiration dates to enforce stricter security policies in your organization.
They include built-in Two Factor Authentication (OTP) and customizable expiry that your systems can rely on. Brassica helps you track and log your account and organizational access.
The Brassica dashboard includes built-in roles and permissions for your team members. This ensures that access to information is on a need-to-know basis only.
Brassica ensures high availability, improving recovery times and providing access to second availability zones.
We back up all production data, and all backups are geo-replicated within the same judicial data boundary.
We continuously monitor the platform and post real-time updates to our public status page.
We have a comprehensive business continuity plan that we put into action when facing disruptions. To ensure its effectiveness, we conduct annual tests. This rigorous testing process enables us to fine-tune the plan, allowing us to handle any unforeseen circumstances with confidence.
Brassica encourages everyone to follow responsible disclosure procedures when reporting security issues that surround our products, services, websites, or infrastructure. We are committed to engaging with anyone reporting security vulnerabilities in a positive, professional, mutually beneficial manner that protects our customers.