Security & Compliance

Data centers and network security

Tracebuzz services are hosted on a private cloud on the True.nl highlander platform in the Netherlands. As such, Tracebuzz inherits the control environment that True.nl maintains and demonstrates via its ISO 27001, ISO 9001 and NEN 7510 certifications and ISAE 3402 Type 1 and 2 reports. Web servers and databases run on servers in multiple secure data centers.

Access Controls

Logical access to the Tracebuzz production system is restricted on an explicit need-to-know basis and follows the principle of least privilege. It is frequently audited and monitored and is controlled by the production and security teams from True.nl. Premises are monitored and access is logged.

Data Encryption

Tracebuzz encrypts all customer data, both in transit and at rest on disk. Communications between you and Tracebuzz are encrypted via HTTPS and Transport Layer Security (TLS), following industry best practices.

Software Platform Security


Security Audits

Every six months, external security firms scan our software for vulnerabilities. Recent conclusion: “No security vulnerabilities were found with a high or critical security impact. That is good news. The security of the Tracebuzz platform proved to be hard to break. Although various improvements are found to further strengthen the platform, no high and critical security risks were found. That’s good.”

Advanced Security Platform

Tracebuzz has comprehensive protection with the Advanced Security Platform. We optimized our software security with real-time insight into common attacks (SQL injections, XSS), protection against Layer 3, 4 and 7 DDoS attacks, and blocking of rogue IP addresses.

Private Database and Application Servers

Our shared hosting solution is fully horizontally scalable on multiple servers in multiple data centers. Businesses can use private application servers and database servers for an even more secure environment. The private servers allow hardware firewalling on IP addresses, data encryption on disk, and their own release schedule and logging settings.

Uptime

We have an uptime of 99.9% or higher. You can check our stats for the past month at Tracebuzz Status.

Employees


Incident Response Plan

We have educated all our staff on our policies and have implemented a formal procedure for security events.

Confidentiality Agreements

All staff and new employees are screened through the hiring process and required to sign non-disclosure and confidentiality agreements.

Background Checks

All new employees undergo criminal history and background checks prior to employment.

Security and Privacy training

All employees must take the Tracebuzz security awareness training at least once a year, which covers the information security policies, security best practices, and privacy principles.

Compliance certifications


ISO 27001:2017 and NEN 7510:2017

Tracebuzz is certified for ISO 27001:2017 and NEN 7510:2017, which are specifications for an information security management system (ISMS). An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organisation's information risk management processes.

ISO 9001:2015

Tracebuzz is ISO 9001:2015 certified. We have set up a quality management system. ISO 9001:2015 is based on a number of quality management principles, including a strong customer focus, the motivation and involvement of our management, the process approach and continual improvement.

GDPR

Tracebuzz has designed its Privacy Program based on European privacy laws and is compliant with applicable laws to ensure that, no matter where they are located, customers using our platform will be able to comply with any privacy framework, including the GDPR.

Privacy Focus


Internal Processes and Audit

Our Chief Privacy Officer works with our developers to make sure we comply with applicable international privacy laws. We do yearly audits to ensure continuous focus.

Data processing

We process personal data only on behalf of our customers. The gathered data will never be shared, used or sold to other customers. Our privacy practices are outlined in the privacy statement.

European Data Processing

Customers with strict data residency requirements have the option of having their data hosted, stored and backed up entirely within the EU. By default, your data is hosted in the Netherlands.

Backups & Monitoring

At the application level, we produce audit logs for all activities. We save log entries for analysis and use managed backup from True.nl for archiving purposes. All actions taken on the Tracebuzz application are logged.