Data Center/Physical Security
BIM Track customer data is stored in Microsoft Azure data centers, which are ISO/IEC 27001- and ISO/IEC 27018-certified. These data centers have extensive layers of protection: access approval at the facility’s perimeter, at the building’s perimeter, inside the building, and on the datacenter floor. For more information, see Azure Facilities, premises, and physical security.
Data Hosting locations
All customer data is stored on servers located in Canada, the United States and in Europe. To learn more, see Data Locations.
In April 2020, BIM Track achieved ISO 27001 certification. You can find out more about this certification here.
BIM Track also follows the requirements of the General Data Protection Regulation (GDPR) which is a European privacy law that regulates how personal data of individuals in the EU can be collected and used by businesses.
Credit card information is processed securely in accordance with the Payment Card Industry’s Data Security Standards (PCI-DSS).
- We provide a password manager to all employees to empower them with password security.
- Multi-factor authentication is required on critical systems.
- Access is granted on a need-to-know basis and according to the principle of least privilege.
- Access is revoked immediately after an employee or a supplier’s termination.
- All laptops used by employees are fully encrypted.
- BIM Track offices are secured by keycard access. Visitors have to be accompanied at all times.
Internal Protocol and Education
- We have a comprehensive security policy in place, which all of our employees must read, accept, and acknowledge regularly.
- We provide on-going information to our employees regarding privacy and security best practices.
- Employees receive annual security awareness training and must sign non-disclosure agreements as a condition of employment.
- Information is encrypted in transit (TLS) and at rest.
- Passwords are encrypted in the database using a state-of-the-art encryption algorithm.
- All computers used to access customer data must be encrypted.
System Development Lifecycle
Our development team employs secure coding techniques and best practices focused around the OWASP tools and standards. Our team always has access to our application security specialized services.
Development, testing, and production environments are segregated. Quality Assurance is involved at each phase of the lifecycle and we regularly perform vulnerability scanning, as well as regression testing and penetration testing. All changes are peer reviewed and logged prior to deployment into the production environment.
We have a documented business continuity plan to ensure that critical operations are completed in a timely manner in the event of a business disruption.
Data is regularly backed up and available if a problem occurs.
In addition to BIM Track’s security measures, the following practices will help you protect your account.
Choose a strong password and store it safely. A password manager can help you create strong passwords and sign in to your accounts quickly.
User access review
Regularly review user roles. This will ensure that only authorized users continue to access your projects.
Cyber security vigilance
Remain vigilant against phishing. Test your ability to recognize phishing attempts here.
Protect your computer with antivirus software.
If you believe you have found a security vulnerability, please contact us at firstname.lastname@example.org. We review all security concerns brought to our attention and make every effort to quickly correct any vulnerability.
The information and resources provided in this article are meant to summarize our security practices. Please do not hesitate to contact us with any questions you may have about our investment in security.