Data centers and network security
Tracebuzz services are hosted on a private cloud from True.nl highlander platform in The Netherlands. As such, Tracebuzz inherits the control environment which True.nl maintains and demonstrates via True ISO 27001, ISO 9001, NEN 7510 certifications and ISAE 3402 Type 1 en 2 reports. Web servers and databases run on servers in multiple secure data centers.
Logical access to the Tracebuzz production system is restricted by an explicit need-to-know basis, utilizes least privilege. It is frequently audited and monitored and is controlled by the production and security teams from true.nl. Premises are monitored and access is logged.
Tracebuzz encrypts all customer data, both in transit and at rest on disk. Communications between you and Tracebuzz are encrypted via HTTPS and Transport Layer Security (TLS) industry best-practices.
Every six months external security firms scan our software for vulnerabilities. Recent conclusion: “No security vulnerabilities were found with a high or critical security impact. That is good news. The security of the Tracebuzz platform proved to be hard to break. Although various improvements are found to further strengthen the platform, no high and critical security risks were found. That’s good. ”
Advanced Security Platform
Tracebuzz has comprehensive protection with the Advanced Security Platform We optimized our software security with real-time insight into common attacks (SQL injections, XSS), protection against Layer 3, 4 and 7 DDoS attacks and blocking rogue IP addresses.
Private Database and Application Servers
Our shared hosting solution is fully horizontally scalable on multiple servers in multiple datacenters. Businesses can use private application servers and database servers for an even more secure environment. The private servers allow hardware firewalling on ip addresses, data encryption on disk, own release schedule and logging settings.
We have uptime of 99.9% or higher. You can check our past month stats at Tracebuzz Status
Incident Response Plan
We have educated all our staff on our policies and have implemented a formal procedure for security events.
All staff and new employees are screened through the hiring process and required to sign non-disclosure and confidentiality agreements.
All new employees undergo criminal history and background checks prior to employment.
Security and Privacy training
All employees must take the Tracebuzz security awareness training at least once a year, which covers the information security policies, security best practices, and privacy principles.
ISO 27001:2013 and NEN 7510:2017
Tracebuzz is certified for ISO 27001:2013 and NEN 7510:2017, which are specifications for an information security management system (ISMS). An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organisation's information risk management processes.
Tracebuzz is ISO 9001:2015 certified. We have set up a quality management system. ISO 9001:2015 is based on a number of quality management principles including a strong customer focus, the motivation and implication of our management, the process approach and continual improvement.
Tracebuzz has designed its Privacy Program based on European privacy laws and is compliant with applicable laws to ensure that no matter where they are located, customers using our platform will be able to comply with any privacy framework, including the GDPR.
Internal Processes and Audit
Our Chief Privacy Officer works with our developers to make sure we comply with applicable international privacy laws. We do yearly audits to ensure continuous focus.
We process personal data only on behalf of our customers. The gathered data will never be shared, used or sold to other customers. Our privacy practices are outlined in the privacy statement. Privacy statement
European Data Processing
Customers with strict data residency requirements have the option of having their data hosted, stored and backed up entirely within the EU. By default, your data is hosted in the Netherlands.
Backups & Monitoring
On an application level, we produce audit logs for all activities. We save log entries for analysis and use managed backup from True.nl for archiving purposes. All actions taken on the Tracebuzz application are logged.