Bloomreach Engagement has established a dedicated security team responsible for the security and privacy of your data. We also operate with a Security incident management policy to ensure events are reported, logged, communicated, prioritized, and resolved. Our Support team is on call to help as outlined in your SLA.
Highly available monitoring infrastructure continuously monitors data processing pipelines, application performance, resource exhaustion, and availability. Once monitored thresholds are exceeded, our monitoring tools automatically trigger alerts in an alert manager tool to one of our on-call developers. The escalation time and contacts are defined in our alert manager tool.
In the event that any unexpected code error happens in the system, steps are taken and the event is logged. Our Support team also takes steps to log an incident reported by you and communicate updates throughout the incident. Clients are provided with the required information promptly to be able to report to their local authorities if necessary.
Bloomreach Engagement also takes steps to mitigate events. Internal and external vulnerability scans are performed at a minimum annually. An independent 3rd party also executes penetration tests on Bloomreach Engagement's cloud platform at a minimum every year. If you require our most recent scan results or would like further information please contact your CSM for more details.
**Application logs example**
We are also able to provide application logs on request for our clients. This comes in the form of an Audit Log and we discuss this in more depth in the [Audit log feature](🔗).
**Infrastructure logs example**
Our central logging services and monitoring software is utilized to collect data from the GCP cloud infrastructure components to monitor system activity and access and identify potential security threats and vulnerabilities. A Security Management and Data Risk Tool is utilized for preventing, detecting, and responding to threats.