A. Physical Security

Busca-Apps utilizes data centers located at Amazon Web Services (AWS)* facilities and physical access is heavily controlled by AWS according to its own Information Security policy and specifically its Physical Access controls. Further details on AWS approach and compliance regarding information security and specific certifications/attestations including SOC, ISO 27001, ISO 27017 and ISO 27018 can be found below.

Encryption

Busca-Apps’ services are designed to provide data security and integrity. All services are accessed through encrypted connections using industry standard SSL/TLS*. Additionally, the architecture of some of the services provide further security of data by segregating the object data, the indices and the encryption keys on physically or logically separated systems. 

* Amazon Web Services (AWS) is the world’s most comprehensive and broadly adopted cloud platform, offering over 165 fully featured services from data centers globally. Millions of customers —including the fastest-growing startups, largest enterprises, and leading government agencies—trust AWS to power their infrastructure, become more agile, and lower costs.

* SSL stands for Secure Sockets Layer and, in short, it's the standard technology for keeping an internet connection secure and safeguarding any sensitive data that is being sent between two systems, preventing criminals from reading and modifying any information transferred, including potential personal details.

* TLS (Transport Layer Security) is just an updated, more secure, version of SSL. We still refer to our security certificates as SSL because it is a more commonly used term, but when you are buying SSL from Symantec you are actually buying the most up to date TLS certificates with the option of ECC, RSA or DSA encryption.  

Amazon Web Services (AWS) Compliance Programs

Global

CSA Cloud Security Alliance Controls	ISO 9001 Global Quality Standard	ISO 27001 Security Management Controls	ISO 27017 Cloud Specific Controls	ISO 27018 Personal Data Protection
PCI DSS Level 1 Payment Card Standards	SOC 1 Audit Controls Report	SOC 2 Security, Availability, & Confidentiality Report	SOC 3 General Controls Report

United States

CJIS Criminal Justice Information Services	DoD SRG DoD Data Processing	FedRAMP Government Data Standards	FERPA Educational Privacy Act	FFIEC Financial Institutions Regulation
FIPS Government Security Standards	FISMA Federal Information Security Management	GxP Quality Guidelines and Regulations	HIPAA Protected Health Information	HITRUST CSF Health Information Trust Alliance Common Security Framework
ITAR International Arms Regulations	MPAA Protected Media Content	NIST National Institute of Standards and Technology	SEC Rule 17a-4(f) Financial Data Standards	VPAT / Section 508 Accessibility Standards

Canada

FIPS Government Security Standards	Health Information Act (HIA) Privacy Legislation in Alberta	Personal Health Information Act (PHIA) Privacy Legislation in Nova Scotia	Personal Health Information Protection Act (PHIPA) Privacy Legislation in Ontario	Personal Information Protection and Electronic Documents Act (PIPEDA) Canada’s Federal Private Sector Privacy Legislation

Asia Pacific

FISC [Japan] Financial Industry Information Systems	IRAP [Australia] Australian Security Standards	K-ISMS [Korea] Korean Information Security	MTCS Tier 3 [Singapore] Multi-Tier Cloud Security Standard	OSPAR [Singapore] Outsourcing Guidelines

Europe

ASIP HDS [France] Personal Health Data Protection	C5 [Germany] Operational Security Attestation	Cyber Essentials Plus [UK] Cyber Threat Protection	ENS High [Spain] Spanish Government Standards	G-Cloud [UK] UK Government Standards
TISAX Automotive Industry Standard