- Product Security
- Audit Logs
Buster collects and monitors audit logs and alerts on key events from production systems, applications, databases, servers, message queues, load balancers, and critical services. Logs are securely stored and archived for a minimum of 1 year to assist with potential forensic efforts, and are made available to relevant team members for troubleshooting, auditing, and capacity planning activities.
- Multi-Factor Authentication
Buster requires the use of multi-factor authentication for access to company email, version control tool, and cloud infrastructure. When available, multi-factor authentication should be used to enhance the security of access.
- Data Security
- Data Encrypted At-Rest
Buster requires that data-at-rest be encrypted using strong encryption methods (such as AES-256) and that keys used for encryption are protected to prevent unauthorized disclosure and subsequent fraudulent use. Keys must be rotated based on a number of different criteria such as if the key is compromised or after a specified period of time has elapsed.
- Data Encrypted In-Transit
Buster uses strong cryptography and security protocols (TLS 1.2+ or a minimally equivalent protocol) to safeguard sensitive data during transmission over open, public networks. Buster prohibits the transmission of unprotected sensitive data using insecure end-user messaging technologies.
At Buster, we take your privacy seriously and want to be transparent about our privacy practices. When you use our website or mobile/desktop applications, we may collect certain information about you. This includes personal information, such as your name and contact details, as well as non-personal information like browsing patterns and IP addresses. We use this information to provide you with the products and services you request, to improve our business and services, and to communicate with you about our products, services, offers, and promotions. We also take steps to protect your information from unauthorized access and use.
- Data Removal Requests
Buster must dispose of customer data within 30 days of a request by a current or former customer or in accordance with the Customer’s agreement(s) with Buster. Exceptions may apply based on business needs, local situations, laws, and regulations.
- Availability & Reliability
- Service Monitoring
Buster uses service monitoring tools to evaluate the health and performance of its servers and applications by collecting and analyzing data such as server uptime, response times, and resource utilization. This enables Buster to quickly identify and address issues, minimize downtime, and optimize performance for its customers.
- Organizational Security
- Limited Employee Access (Principle of Least Privilege)
Buster adheres to the principle of least privilege, which specifies that team members will be given access to only the information and resources necessary to perform their job functions as determined by management or a designee. System access is revoked immediately upon termination or resignation.
- Personnel Screening
All personnel at Buster are required to complete a background check, which must be reviewed by an authorized member of Buster in compliance with local laws. This policy applies to all personnel who access or utilize Buster assets or applications.
1 more topic
- Business Continuity
- Business Continuity Plan
Buster has a comprehensive Business Continuity and Disaster Recovery Plan in place to safeguard its employees and company assets, ensure the availability of mission-critical services and data, and quickly recover operations in the event of a significant business disaster or disruption. The plan is reviewed and tested annually, and includes measures such as remote work capabilities, backup and retention procedures, alternate communication methods, and three stages of response and recovery.
- Disaster Recovery Plan
Buster has a Disaster Recovery Plan in place to respond to disasters that may affect its business operations. The plan involves a three-stage process, including the disaster stage where senior management declares a disaster and emergency response measures are initiated, the response stage where the impact of the disaster is assessed and essential services are restored, and the recovery stage where the primary facility is re-established. The plan is reviewed and tested annually and includes measures such as alternate physical locations for employees, reliance on third-party services, backup and retention procedures, and communication methods.
1 more topic
- Threat Management
- Penetration Testing
Buster conducts periodic penetration testing to identify vulnerabilities in its systems and applications. The testing is performed by an authorized and independent third-party and is governed by a set of rules and procedures to minimize any impact on the production environment.
- Vulnerability Scanning
Buster conducts risk assessments to identify and evaluate potential threats and vulnerabilities to their systems, applications, infrastructure, and data. The risk assessment process is coordinated by Dallin Bentley, and any critical or high risks identified will be mitigated with action plans that consider contractual agreements, laws, regulations, and standards.
Sign up to view Buster's Subprocessors
Sign up to see the rest of Buster's posture and unlock unlimited access.
Unlimited access to the directory allows you to review and compare thousands of security postures sourced from around the web.