We have always taken the topics of security and privacy at Bloomreach Engagement very seriously. It is our highest priority to protect the data we work with, including our clients’ data. We strive to always use the highest measures so that we stay secure and compliant. Security shapes our structure, educational objectives, and recruiting process.
This whitepaper outlines Bloomreach Engagement’s perspective on security and compliance. It focuses on security controls and elaborates on processes and details of how Bloomreach Engagement protects our clients’ data.
# Security as our priority
We are trying to create a strong security culture amongst all employees of Bloomreach Engagement. We strongly believe that every employee is an essential part of our defense against potential security breaches.
This culture has a strong impact on all employees and is present everywhere and at every stage, including the hiring process and employee onboarding, the ongoing training that Bloomreach Engagement provides, and company events that raise awareness. Before an employee joins Bloomreach Engagement, we perform a background check. All our employees must be familiar with our security policies, go through security training as part of the onboarding process, and receive regular security training throughout their time at Bloomreach Engagement. During the onboarding process, new employees agree to our NDA and go through OWASP training. This shows our commitment to keeping the data of our customers secure.
All employees working at Bloomreach Engagement must follow our password security and lockout policy, must use 2FA, and must have a secure Wi-Fi connection or, alternatively, be connected to our VPN when working remotely. Additionally, all of Bloomreach's employees use Okta, a Single Sign-On service that enables them to securely access their accounts and applications.
# Security development practices
The developers in the IT segment receive instruction on topics such as coding and development best practices and the principle of least privilege when granting access rights. The IT department also attends technical presentations on security-related topics and receives regular updates on the newest cybersecurity issues in our Security channel.
# Our certificates
Bloomreach Engagement has valid certifications to show how seriously we take the topics of security and compliance. You can find our certificates on **our website**.
# SOC 2 Report
Bloomreach Engagement holds a SOC 2 report, which goes into depth about the technical security measures in our application's infrastructure and the organizational security measures in the company. You can access the report with an NDA in place.
# Security operations team & the DPO
Bloomreach Engagement has a dedicated team that consists of security engineers and a security manager who is an essential part of our IT. This team is responsible for maintaining Bloomreach Engagement's protection and defense systems, reviewing security operational processes, building security frameworks, and creating new security policies. They also monitor any suspicious activity, address cybersecurity threats and perform regular health checks and audits. Our independent Data Protection Officer (DPO) makes sure that Bloomreach Engagement stays compliant. The DPO is tasked with monitoring compliance with the GDPR and other data protection laws, our data protection policies, GDPR awareness training, and audits.
# Protecting our clients’ data
Bloomreach Engagement has several security features and has been built with security in mind. You can read more about these features in our Security controls article.
The Bloomreach Engagement application also supports our customers in finding the best ways to be compliant with GDPR, and our product and employees constantly review our own compliance.