Brainspace is a software platform sold as an on-premise solution, installed within a client’s secure network environment.
Application Development Policy
This policy ensures applications are purpose-built with secure configurations. Vulnerability scans are performed on all releases and a full manual and automated penetration test is performed at least annually and with each major release of the software. Vulnerabilities are assessed and prioritized based on the OWASP risk management guidelines.
Critical/High vulnerabilities are addressed and corrected immediately.
Medium/Low risks are assessed and prioritized for remediation accordingly.
Brainspace uses the most secure available TLS encryption for application access (User Interface). In addition, all inter-server communications among the Brainspace servers are encrypted, as are communications to third-party applications using certified Brainspace Connectors.
OS-Level Encryption
The choice and implementation of encryption is left to the customer, to allow for flexibility in meeting specific security requirements and preferences. As there are numerous encryption methods and vendor solutions available, encryption has not been tested and not all implementations may be supported.
Brainspace’s Security Policy has been reviewed by Optiv Security, a leading and nationally known security services provider, confirming that Brainspace maintains appropriate processes and levels of controls that ensure adherence to our security policies.
Vulnerability and Penetration Testing
Brainspace policy is to perform full automated and manual vulnerability and penetration testing for each major and minor release. All identified vulnerabilities are reviewed for detailed risk assessment and remediation according to OWASP methodologies. Any Critical/High risks are addressed immediately, with all urgency. Medium and Low risks are first addressed with operational risk mitigation procedures, then prioritized in the Development roadmap for remediation in an upcoming release according to their level of risk. Once all identified issues have been remediated, Brainspace will schedule a retest and validation of the resolved vulnerabilities.