At Bushel, we are committed to protecting customer data. To demonstrate our commitment, we maintain an information security program and are audited annually against SOC 2 Type II framework/criteria.
A SOC 2 examination is a report on controls at a service organization relevant to security, availability, processing integrity, confidentiality, or privacy. SOC 2 reports are intended for our customers and the users of Bushel software who need detailed information and assurance regarding the security, availability, and processing integrity of the systems Bushel uses to process data and the confidentiality and privacy of the information processed by these systems.
As agriculture continues to digitize and more data is accessible, it is important to have controls in place to keep data safe.
Here’s a high-level overview of Bushel’s approach to data security:
Identify & Protect
Security Awareness & Training: Team members complete annual training to identify when bad actors are trying to get the information needed to access our systems. The engineering team is also trained on best practices on secure code design.
Data Encryption: We have implemented robust data encryption techniques to protect data. If someone tries to steal the data, encryption ensures that data is transformed into an unreadable form, making it useless.
Firewalls & Software Tools: Firewalls are the first line of defense to prevent bad actors from getting into our network. We also have tools that help detect known vulnerabilities in any third-party software and patch them timely.
Access Control and Authentication: This means implementing best practices related to strong passwords, multi-factor authentication, and role-based security.
Penetration Testing: How do we know that security measures are working? We hire good people who act like bad people – specializing in identifying vulnerabilities and hacking into systems. Their reports help us find more ways to improve our data security.
Detect
Monitoring and Software Tools: These are in place to detect and log any potential threats or breaches. These tools monitor 24 hours a day, 7 days a week. In addition, we have team members on call to respond to any potential alerts.
Respond & Recover
Incident Management: This is about being prepared. If a situation occurs, we need to know how to get the correct people involved, mitigate the issue, and communicate internally and externally. Our incident management process is used for security-related incidents and issues that could put our service reliability at risk. If we have a service outage or a key area of the product is not functioning properly, we create an incident to mitigate it as quickly as possible.
Disaster recovery exercises: Like any disaster plan, you hope it’s never actually needed. But we want to ensure we have the practices in place to mitigate any disaster. It may seem obvious, but one of the most important policies to have in place is doing regular and frequent backups. This is required for both disaster recovery and reducing the impact of any ransomware attacks.
These are just a few examples of how Bushel continues to protect customer data.
Interested in learning more about our security measures? Contact us.