Security Controls Overview
This document summarizes BRidge’s security architecture and controls. It complements the EULA, Privacy Policy, Terms, and DPA.
Scope: Production application/API, admin portals, storage, logging/observability, and supporting infrastructure. Customer-enabled integrations (e.g., webhooks) are in shared-responsibility scope.
1. Architecture & Tenant Isolation
- Multi-tenant application with logical isolation at the data layer (per-tenant scoping, IDs, RBAC).
- Network segmentation and least-privilege service accounts; no direct database exposure to the public internet.
- Static assets served via hardened CDN/edge; origin behind WAF and DDoS protections.
2. Encryption & Key Management
- In transit: TLS 1.2+ everywhere; HSTS at the edge where enabled; secure cipher suites only.
- At rest: provider-managed encryption for databases, object storage, and backups.
- Key material via cloud KMS/HSM-backed services; no plaintext secrets in source; periodic rotation policy (at least annually or upon compromise).
3. Authentication, Authorization & Session Security
- Server-enforced RBAC (admin/manager/buyer/seller), least-privilege by default.
- Sessions via secure, HttpOnly cookies; login rate limiting; optional IP throttling; optional SSO/OIDC.
- Password hashing with bcrypt (work factor tuned periodically); administrative sessions auto-expire.
4. API Security
- Idempotency keys for mutating routes; strict content-type & schema validation.
- Global & per-key rate limits; pagination and bounded filters to mitigate abuse.
- Webhook HMAC signatures with timestamped replay protection; request IDs for end-to-end traceability.
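The signing and verification flow behind the webhook bullet, shown as an added example in Python (this is illustrative code, not BRidge's own implementation). The header names, the `v1=` prefix and the 300-second replay window are assumptions; the secret and payload are constructed sample values. The receiver binds the timestamp into the signed message, checks freshness before doing any MAC work, compares in constant time, and optionally keeps a short-lived cache of accepted signatures so an exact replay inside the window is also refused.

```python
import hashlib
import hmac
import time
from typing import Optional, Set, Tuple

# Header names and the replay window are assumptions for this example,
# not BRidge's documented values.
SIG_HEADER = "X-Webhook-Signature"
TS_HEADER = "X-Webhook-Timestamp"
TOLERANCE_SECONDS = 300

# Constructed sample delivery used by demo() below
SAMPLE_SECRET = b"constructed-webhook-secret"
SAMPLE_BODY = b'{"event":"contract.signed","id":"c_123"}'
SAMPLE_TS = 1_700_000_000


def _signing_input(timestamp: int, body: bytes) -> bytes:
    """Bind the timestamp to the raw body so neither can be swapped
    without invalidating the MAC."""
    return str(timestamp).encode("ascii") + b"." + body


def sign_webhook(secret: bytes, body: bytes, timestamp: int) -> dict:
    """Sender side: produce the headers that accompany one delivery."""
    mac = hmac.new(secret, _signing_input(timestamp, body), hashlib.sha256).hexdigest()
    return {TS_HEADER: str(timestamp), SIG_HEADER: "v1=" + mac}


def verify_webhook(secret: bytes, body: bytes, headers: dict, now: Optional[int] = None,
                   tolerance: int = TOLERANCE_SECONDS,
                   seen: Optional[Set[str]] = None) -> Tuple[bool, str]:
    """Receiver side: reject missing, malformed, stale, forged or replayed deliveries.
    `seen` is an optional cache of signatures already accepted inside the window;
    it closes the gap a timestamp check alone leaves open."""
    now = int(time.time()) if now is None else now
    ts_raw = headers.get(TS_HEADER)
    sig = headers.get(SIG_HEADER, "")
    if ts_raw is None or not sig.startswith("v1="):
        return False, "missing signature or timestamp"
    try:
        ts = int(ts_raw)
    except ValueError:
        return False, "malformed timestamp"
    # Freshness first: a stale delivery is rejected before any MAC work
    if abs(now - ts) > tolerance:
        return False, "timestamp outside tolerance"
    expected = hmac.new(secret, _signing_input(ts, body), hashlib.sha256).hexdigest()
    # Constant-time comparison so response timing does not leak the expected MAC
    if not hmac.compare_digest(expected, sig[3:]):
        return False, "signature mismatch"
    if seen is not None:
        if sig in seen:
            return False, "duplicate delivery inside window"
        seen.add(sig)
    return True, "ok"


def demo() -> dict:
    """Walk through the accept/reject cases on the constructed sample."""
    headers = sign_webhook(SAMPLE_SECRET, SAMPLE_BODY, SAMPLE_TS)
    seen: Set[str] = set()
    return {
        "fresh": verify_webhook(SAMPLE_SECRET, SAMPLE_BODY, headers, now=SAMPLE_TS + 10, seen=seen),
        "replayed": verify_webhook(SAMPLE_SECRET, SAMPLE_BODY, headers, now=SAMPLE_TS + 20, seen=seen),
        "stale": verify_webhook(SAMPLE_SECRET, SAMPLE_BODY, headers, now=SAMPLE_TS + 301),
        "tampered": verify_webhook(SAMPLE_SECRET, SAMPLE_BODY + b" ", headers, now=SAMPLE_TS + 10),
        "wrong_secret": verify_webhook(b"other-secret", SAMPLE_BODY, headers, now=SAMPLE_TS + 10),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:12s} -> {result}")
```

A receiver must sign over the raw request bytes it actually received, not a re-serialized JSON object, because any whitespace or key-order change alters the MAC; the `tampered` case shows a single appended byte being rejected. Rotating the webhook secret (the customer-side duty in the shared-responsibility table) is then a matter of accepting two secrets for an overlap period.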
5. Secure-by-Default HTTP Headers
- Content-Security-Policy (CSP) with restrictive script/font/img sources.
- Frame-ancestors/X-Frame-Options; Referrer-Policy; Permissions-Policy.
- X-Content-Type-Options; cross-origin resource sharing limited to allowed origins.
6. Logging, Monitoring & Audit
- Structured logs (request ID, actor, route, status); PII scrubbing for error tracking.
- Metrics via Prometheus/Grafana: latency, error rate, saturation; alerting on SLO breaches.
- Immutable audit trail with hash-chaining and daily seals for critical events (contracts, BOLs, auth).
- Time synchronization (NTP/chrony) across fleet to preserve forensic integrity.
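How a hash-chained audit trail with daily seals detects tampering, as an added example in Python (illustrative code, not BRidge's own audit implementation). Each entry commits to its sequence number, its predecessor's hash and a canonical encoding of the event; the daily seal is a keyed MAC over the chain head, with the seal key assumed to be held outside the log store (for instance in the KMS mentioned in section 2). The events and the seal key are constructed sample values. The demo shows three tamper attempts: editing an event in place, re-hashing the edited entry, and rewriting the whole chain, the last of which only the seal catches.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

GENESIS_HASH = "0" * 64  # anchor for the first link


def _canonical(event: dict) -> bytes:
    """Deterministic encoding so the same event always hashes the same."""
    return json.dumps(event, sort_keys=True, separators=(",", ":")).encode("utf-8")


def _link_hash(seq: int, prev_hash: str, event: dict) -> str:
    """Each entry commits to its position, its predecessor and its content."""
    return hashlib.sha256(f"{seq}|{prev_hash}|".encode("utf-8") + _canonical(event)).hexdigest()


@dataclass
class AuditEntry:
    seq: int
    event: dict
    prev_hash: str
    entry_hash: str


class AuditChain:
    def __init__(self) -> None:
        self.entries: List[AuditEntry] = []
        # day -> (entry count at seal time, head hash at seal time, seal MAC)
        self.seals: Dict[str, Tuple[int, str, str]] = {}

    def _head(self, count: Optional[int] = None) -> str:
        n = len(self.entries) if count is None else count
        return self.entries[n - 1].entry_hash if n else GENESIS_HASH

    def append(self, event: dict) -> str:
        seq, prev = len(self.entries), self._head()
        h = _link_hash(seq, prev, event)
        self.entries.append(AuditEntry(seq, event, prev, h))
        return h

    def seal(self, day: str, seal_key: bytes) -> str:
        """Daily seal: a keyed MAC over the current head. Because the key is held
        outside the log store (assumed: a KMS-managed key), a writer who can
        rewrite every hash in the chain still cannot forge a matching seal."""
        count, head = len(self.entries), self._head()
        mac = hmac.new(seal_key, f"{day}|{count}|{head}".encode("utf-8"), hashlib.sha256).hexdigest()
        self.seals[day] = (count, head, mac)
        return mac

    def verify(self, seal_key: Optional[bytes] = None) -> Tuple[bool, str]:
        """Recompute every link; with the seal key, also check each sealed prefix."""
        prev = GENESIS_HASH
        for i, e in enumerate(self.entries):
            if e.seq != i or e.prev_hash != prev:
                return False, f"link broken at entry {i}"
            if _link_hash(i, prev, e.event) != e.entry_hash:
                return False, f"entry {i} modified"
            prev = e.entry_hash
        if seal_key is not None:
            for day, (count, head, mac) in self.seals.items():
                if count > len(self.entries) or self._head(count) != head:
                    return False, f"sealed prefix for {day} truncated or rewritten"
                expected = hmac.new(seal_key, f"{day}|{count}|{head}".encode("utf-8"), hashlib.sha256).hexdigest()
                if not hmac.compare_digest(expected, mac):
                    return False, f"seal for {day} does not verify"
        return True, "ok"


def demo() -> dict:
    """Build a chain from constructed events, seal it, then try three tamper strategies."""
    key = b"constructed-seal-key"
    chain = AuditChain()
    chain.append({"type": "auth.login", "actor": "alice", "request_id": "r-1"})
    chain.append({"type": "contract.sign", "actor": "bob", "contract": "c_1", "request_id": "r-2"})
    chain.seal("2024-01-01", key)
    chain.append({"type": "bol.issue", "actor": "carol", "bol": "b_9", "request_id": "r-3"})
    results = {"intact": chain.verify(key)}
    # 1. Edit a sealed event in place: its recomputed link hash no longer matches
    chain.entries[0].event["actor"] = "mallory"
    results["edited"] = chain.verify(key)
    # 2. Re-hash the edited entry too: the next entry's prev_hash now points nowhere
    chain.entries[0].entry_hash = _link_hash(0, GENESIS_HASH, chain.entries[0].event)
    results["relinked"] = chain.verify(key)
    # 3. Rewrite the whole chain consistently: links pass, but the sealed head differs
    prev = GENESIS_HASH
    for e in chain.entries:
        e.prev_hash = prev
        e.entry_hash = _link_hash(e.seq, prev, e.event)
        prev = e.entry_hash
    results["rewritten_unkeyed"] = chain.verify()
    results["rewritten"] = chain.verify(key)
    return results


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:18s} -> {result}")
```

The `rewritten_unkeyed` case is the reason seals exist: a chain verified only against itself accepts a consistently rebuilt history, so the daily seal (or a copy of the head hash published to a store the log writer cannot modify) is what turns "append-only" into something an auditor can check.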
7. Vulnerability & Patch Management
- Dependency scanning (CVE monitoring); routine patch windows and emergency fixes for high/critical items.
- Container hardening (minimal base images), signature/pinning where supported; SBOM generated for core services; supply-chain controls aligned with SLSA concepts where practical.
- Independent penetration testing at least annually; remediation tracked to closure with risk owners.
8. Data Classification & Retention
- Classes: Public, Internal, Confidential, Regulated. Personal data treated as Confidential by default.
- Retention: logs 90–365 days (rolling TTL); backups per DR schedule; billing/records 7 years.
- Deletion/export pathways per DPA and regional laws (processor support for controller requests).
9. Business Continuity & Disaster Recovery
- Targets: RTO ≤ 15 minutes; RPO ≤ 60 seconds for core databases (objectives, not guarantees).
- Encrypted backups; periodic snapshot & restore tests; infra-as-code for reproducible environments.
10. Incident Response
- Runbooks for triage, containment, eradication, recovery, and post-incident review (PIR).
- Customer breach notices without undue delay per DPA; coordinated communications via status page/email.
- Forensics & chain-of-custody; centralized timelines with synchronized clocks.
11. Change Management & SDLC
- Peer review & CI with tests/linting; staged deploys/canaries where applicable; rollback plans.
- Infra changes tracked in version control; immutable artifacts where supported.
- Secure development awareness training for engineers annually.
12. Secrets & Configuration
- Secrets in managed vaults; runtime injection; least-privilege access; rotation at least annually or on key events.
- No secrets in source control; automated pre-commit scans to prevent leakage.
13. Vendor & Subprocessor Management
- Risk-based due diligence; contractual DP terms; periodic reassessment.
- Public list at /legal/subprocessors with notice & objection per DPA.
14. Framework Mapping (Illustrative)
| Control Area | BRidge Practice | ISO 27001 Annex A | SOC 2 Trust / CC |
|---|---|---|---|
| Access Control | RBAC, least-privilege, session hardening | A.5, A.9 | CC6.x |
| Cryptography | TLS 1.2+, KMS/HSM, at-rest encryption | A.10 | CC6.7 |
| Operations Security | Logging, monitoring, patching, backups | A.12 | CC7.x |
| Supplier Relationships | Subprocessor due diligence & contracts | A.15 | CC9.2 |
| Incident Management | IR runbooks, PIR, breach notices | A.16 | CC7.4 |
| Business Continuity | RTO/RPO targets, restore testing | A.17 | CC7.3 |
| Development Security | SDLC controls, code review, CI checks | A.14 | CC8.x |
15. Shared Responsibility Model
| Area | Atlas | Customer |
|---|---|---|
| Application & platform security | Design, patching, monitoring | Tenant configuration, role hygiene |
| Data protection | Encryption, backups, retention | Data accuracy; export/erasure requests |
| Integrations & webhooks | Secure endpoints, signing | Secure receivers, secret rotation |
| User access | RBAC framework, auth controls | Provisioning, offboarding, MFA/SSO |
16. Coordinated Vulnerability Disclosure
If you believe you’ve found a security issue, email info@atlasipholdingsllc.com. Do not perform denial-of-service or access data you don’t own. Good-faith reports that follow our AUP will be reviewed promptly.