{color=#FFFFFF, opacity=100, rgba=rgba(255, 255, 255, 1), rgb=rgb(255, 255, 255), hex=#FFFFFF, css=#FFFFFF}
At BoostUp, security is core to our business and product. It is a fundamental part of our platform and is essential to our business. As a Revenue Operations & Intelligence platform, we analyze and process sensitive data – revenue, call, and activity – for our customers. Our customers and partners trust us with their sensitive data, and we shoulder the responsibility to ensure appropriately managed security, confidentiality, and integrity of that data. We pride ourselves on our commitment to having the most robust security practices and safeguards implemented across the entire application stack and being proactive and responsive to our customers’ data security.
{color=#FFFFFF, opacity=100, rgba=rgba(255, 255, 255, 1), rgb=rgb(255, 255, 255), hex=#FFFFFF, css=#FFFFFF}
BoostUp is hosted entirely on Amazon Web Services (AWS), providing end-to-end security and privacy features built-in. Our team takes additional proactive measures to ensure a secure infrastructure environment. Gartner Research positions AWS in the Leaders quadrant of the new 2021 Magic Quadrant for Cloud Infrastructure & Platform Services (CIPS). For more specific details regarding AWS security, please visit AWS Security.
{color=#FFFFFF, opacity=100, rgba=rgba(255, 255, 255, 1), rgb=rgb(255, 255, 255), hex=#FFFFFF, css=#FFFFFF}
BoostUp has partnered with the independent audit firm of Dansa D’Arata Soucia LLP, which has worked with numerous fast-moving start-ups across broad industry verticals. We chose the option of initially completing a SOC2 Type I audit, followed by a SOC2 Type II audit which we received in September 2020. We annually retest our SOC2 controls and are expanding our compliance programs in 2022 to include: (CAIQ)
{color=#FFFFFF, opacity=100, rgba=rgba(255, 255, 255, 1), rgb=rgb(255, 255, 255), hex=#FFFFFF, css=#FFFFFF}
Ongoing internal network security audits and scanning give us an overview for quickly identifying impacted systems and services. According to our in-house patch management policy, operating systems, software, frameworks, and libraries used in BoostUp infrastructure are regularly updated to the latest versions.
Furthermore, whenever a vulnerability in a product used by BoostUp or a high or critical vulnerability is publicly reported, prompt actions are taken to mitigate any potential risks for our customers. We apply hotfixes and patches promptly when available and/or implement pro-active mechanisms like configuration of firewalls or IDS/IPS.
With BoostUp, we are committed to providing the highest security measures to ensure your data remains safe while giving you the control you desperately need.
Granular security policies
Selectively allow or deny field access for your organization. Easily set customer expiration dates for any data fields to further protect your data.
Auditable log access
Quickly audit our security log at any time and in real-time. This level of detail puts you in control of your own data.
User consent supported
Manage consent and access to applications at the user level. Alternatively, you can centralize the decision-making process with your security administrator team.
Everyone at BoostUp is committed to protecting our customers' data. That’s why we continually monitor our network security and infrastructure allowing us to identify any vulnerabilities, their severity and resolve them quickly.
Information security protected by Amazon Web Services
AWS is the most flexible and secure cloud computing environment available. BoostUp's core offering relies on this infrastructure and satisfies modern-day SaaS offerings' security requirements. This is backed by a deep set of cloud security tools and a "follow the sun" support model by dedicated BoostUp staff overseeing and managing security, compliance, and governance controls and features.
Data security by SSO and dual-factor authentication
BoostUp only allows login via Single Sign-On (SSO). SSO login is supported for Google Apps and Office365. As a result, BoostUp never stores any user passwords in our database.
We provide your team with access control
BoostUp employs the principle of least privilege – users should only be able to access functions, data files, URLs, controllers, services, and other resources they possess specific authorization. BoostUp makes extensive use of security groups to restrict access to minimum levels to all servers and resources.
Data encryption at rest and in motion
BoostUp deploys on AES256 encryption and implementations that have been validated against FIPS 140-2 protocols. TLS is used for all connections. All sensitive data is encrypted at rest and in transit across all networks.
{color=#FFFFFF, opacity=100, rgba=rgba(255, 255, 255, 1), rgb=rgb(255, 255, 255), hex=#FFFFFF, css=#FFFFFF}
All SQL queries, HQL, OSQL, NOSQL and stored procedures, calling of stored procedures are protected and not susceptible to SQL injection. BoostUp.ai application has security controls in place to prevent LDAP injection, OS command injection, Remote File Inclusion (RFI), Local File Inclusion (LFI), XML attacks and DOM Cross-Site Scripting (XSS) attacks.
{color=#FFFFFF, opacity=100, rgba=rgba(255, 255, 255, 1), rgb=rgb(255, 255, 255), hex=#FFFFFF, css=#FFFFFF}
BoostUp proactively monitors our infrastructure to identify any vulnerabilities and continuously works with security researchers to verify and address any issues. Please refer to our Vulnerability Disclosure Policy for more details.
