eazyBI Security

Compliance and Certifications

eazyBI successfully completed the AICPA Service Organization Control (SOC) 2 Type II audit. The audit (performed by Prescient Assurance) confirms that eazyBI information security practices, policies, procedures, and operations meet the SOC 2 standards for security. Our SOC 2 covers all five of the Trust Service Principles, including security, availability, processing integrity, confidentiality, and privacy.

Continuous SOC 2 compliance is monitored by Drata.

Visit our Trust Center page to see the status of security compliance monitoring tests.

Customers and prospects can request access to the audit report after accepting NDA terms.

Secure Personnel

Confidentiality or Non-Disclosure Agreements (NDAs) are signed by all employees and contractors, who have a need to access sensitive or internal information. Security training and testing are conducted for eazyBI employees and contractors.

eazyBI support team accesses application data only for purposes of application health monitoring and performing system or application maintenance, and upon customer request for support purposes. Only authorized eazyBI employees have access to application data.

Secure Software Development

All software development projects follow secure development lifecycle principles. All development undergo design review to ensure security requirements are incorporated. All software development team members undergo regular secure development training. Software development is conducted in line with OWASP Top 10 recommendations for web application security.

Secure Testing

eazyBI deploys third-party penetration testing and vulnerability scanning of all production and Internet-facing systems on a regular basis.

eazyBI bug bounty programs are hosted at HackerOne and Bugcrowd.

We perform static and dynamic software application security testing of all code, including open-source libraries, as part of our software development process.

Cloud Security

eazyBI Cloud provides maximum security with complete customer isolation in a modern, multi-tenant cloud architecture. eazyBI Cloud is hosted on the Google Cloud Platform (europe-west1 data center in Belgium and us-east4 in US).

• Each eazyBI account imported data are stored in a separate database schema and are isolated from other customer data. Each incoming web request is authenticated and authorized before access to customer data is allowed.
• All data is encrypted at rest and in transmission to prevent any unauthorized access and prevent data breaches.
• eazyBI application database full backups are performed once per day and are retained for 10 days. All backup data are encrypted. Backups are stored in the Google Cloud Platform.