- 29 Oct 2024
Brainspace Security Policy
- Updated on 29 Oct 2024
Brainspace 6 is a software platform sold as an on-premises solution, installed within a client’s secure network environment.
Application Development Policy
This policy ensures applications are purpose-built with secure configurations. Vulnerability scans are performed on all releases and a full manual and automated penetration test is performed at least annually and with each major release of the software. Vulnerabilities are assessed and prioritized based on the OWASP risk management guidelines.
Critical/High vulnerabilities are addressed and corrected immediately.
Medium/Low risks are assessed and prioritized for remediation accordingly.
Brainspace 6 uses the most secure available TLS encryption for application access (User Interface). In addition, all inter-server communications are encrypted within the Brainspace servers, as well as to third-party applications using certified Brainspace Connectors.
Brainspace 6 supports OS-level encryption for securing ‘data at rest’.
Brainspace’s Security Policy has been reviewed by Optiv Security, a leading and nationally known security services provider, confirming that Brainspace maintains appropriate processes and levels of controls that ensure adherence to our security policies.
Vulnerability and Penetration Testing
Brainspace policy is to perform full automated and manual vulnerability and penetration testing for each major and minor release. All identified vulnerabilities undergo a detailed risk assessment and are remediated according to OWASP methodologies. Any Critical/High risks are addressed immediately. Medium and Low risks are first addressed with operational risk mitigation procedures, then prioritized in the development roadmap for remediation in an upcoming release according to their level of risk. Once all identified issues have been remediated, Brainspace will schedule a retest and validation of the resolved vulnerabilities.