Brandkit Information Security Policy

Last Updated: 1 Feb 2025

1. Purpose

Brandkit is committed to protecting customer data and ensuring the security, availability, and confidentiality of its services. This policy outlines security controls and procedures required for SOC 2 compliance.

2. Scope

This policy applies to all employees, contractors, and third-party service providers handling Brandkit systems, data, or infrastructure.

3. Security Policies

3.1 Access Control Policy

Objective

Ensure only authorized personnel have access to systems and data.

Key Controls

  • Least Privilege: Access is granted based on job role and business need.
  • Multi-Factor Authentication (MFA): Required for all admin accounts and cloud services.
  • Access Reviews: Conducted quarterly to validate permissions.
  • Offboarding: Immediate removal of access upon contract termination.

3.2 Data Security & Encryption Policy

Objective

Protect data at rest and in transit.

Key Controls

  • Encryption:
    • Data in transit: Enforced via TLS 1.2+.
    • Data at rest: Encrypted using AES-256.
  • Data Classification:
    • Confidential (customer data, internal records)
    • Restricted (internal use only)
    • Public (marketing materials)
  • Data Retention: Customer data is retained as per contract terms, then securely deleted.

3.3 Security Incident Response Policy

Objective

Quickly detect, respond to, and recover from security incidents.

Incident Classification & Response Times

  Priority      | Examples                                                  | Response  | Resolution
  Critical (P1) | Data breach, ransomware, unauthorized admin access        | 15 min    | 4 hours
  High (P2)     | Compromised credentials, malware infection                | 1 hour    | 24 hours
  Medium (P3)   | Phishing attempt, policy violation                        | 4 hours   | 72 hours
  Low (P4)      | Minor security issue, lost device (no sensitive data)     | 24 hours  | 7 days

Incident Response Steps

  1. Report It: Post in Security Incidents in Basecamp or email security@brandkit.com.
  2. Assess & Contain: Security Lead classifies and isolates affected systems.
  3. Investigate & Fix: Identify root cause and implement a fix.
  4. Document & Learn: Incident report created and lessons incorporated.

3.4 Vendor Management Policy

Objective

Ensure third-party vendors meet security standards.

Key Controls

  • Security Review: All new vendors must complete a security questionnaire.
  • Contracts: Must include SOC 2-compliant security clauses.
  • Annual Reassessment: High-risk vendors reviewed annually.

3.5 Change Management Policy

Objective

Ensure secure and controlled system changes.

Key Controls

  • Change Review: All code and configuration changes are reviewed via pull requests in GitHub.
  • Testing: Security testing required for major changes.
  • Approval Process: High-impact changes require manager approval.

3.6 Disaster Recovery & Business Continuity Policy

Objective

Ensure Brandkit remains operational during a disruption.

Key Controls

  • Replication:
    • Database is replicated in real time to geo-redundant locations.
    • Uploaded files are replicated in real time to geo-redundant locations.
  • Backups:
    • Customer data in the database is backed up hourly and daily.
    • Encrypted backups are stored in geo-redundant locations.
  • Recovery Objectives:
    • RTO (Recovery Time Objective): 4 hours
    • RPO (Recovery Point Objective): 24 hours
  • Testing: Disaster recovery plan tested annually.

3.7 Logging & Monitoring Policy

Objective

Detect security threats and unauthorized activity.

Key Controls

  • Log Retention: Security logs retained for 12 months.
  • Monitoring Tools: Alerts for unauthorized access or suspicious activity.
  • Review: Security logs reviewed monthly.

3.8 Security Awareness & Training Policy

Objective

Ensure employees understand security best practices.

Key Controls

  • Onboarding Training: All new hires complete security training.
  • Ongoing Training: Conducted annually.
  • Phishing Tests: Conducted quarterly.

4. Compliance & Enforcement

  • Regular SOC 2 audits ensure compliance.
  • Failure to follow security policies may result in disciplinary action.

5. Roles & Responsibilities

Role Responsibilities

  • All Employees: Report security incidents, follow security policies.
  • Security Officer: Manages incidents, oversees security strategy.
  • Engineering Team: Implement and maintain security controls.
  • Leadership: Ensure compliance and risk management.

6. Policy Review & Updates

This policy is reviewed and updated annually or after major security events.

~ End ~
