A. Physical Security

Busca-Apps utilizes data centers located at Amazon Web Services (AWS)* facilities, and physical access is heavily controlled by AWS according to its own Information Security policy and specifically its Physical Access controls. Further details on AWS's approach to information security and its compliance, including specific certifications/attestations such as SOC, ISO 27001, ISO 27017 and ISO 27018, can be found below.


Encryption

Busca-Apps’ services are designed to provide data security and integrity. All services are accessed through encrypted connections using industry-standard SSL/TLS*. Additionally, the architecture of some of the services provides further data security by segregating the object data, the indices and the encryption keys on physically or logically separated systems.



* Amazon Web Services (AWS) is the world’s most comprehensive and broadly adopted cloud platform, offering over 165 fully featured services from data centers globally. Millions of customers, including the fastest-growing startups, largest enterprises, and leading government agencies, trust AWS to power their infrastructure, become more agile, and lower costs.

* SSL stands for Secure Sockets Layer and, in short, it's the standard technology for keeping an internet connection secure and safeguarding any sensitive data that is being sent between two systems, preventing criminals from reading and modifying any information transferred, including potential personal details.

* TLS (Transport Layer Security) is just an updated, more secure version of SSL. We still refer to our security certificates as SSL because it is a more commonly used term, but when you are buying SSL from Symantec you are actually buying the most up-to-date TLS certificates with the option of ECC, RSA or DSA encryption.




Amazon Web Services (AWS) Compliance Programs

Global

Cloud Security Alliance Controls
Global Quality Standard
Security Management Controls
Cloud Specific Controls
Personal Data Protection
Payment Card Standards
Audit Controls Report
Security, Availability, & Confidentiality Report
General Controls Report

United States

Criminal Justice Information Services
DoD Data Processing
Government Data Standards
Educational Privacy Act
Financial Institutions Regulation
Government Security Standards
Federal Information Security Management
Quality Guidelines and Regulations
Protected Health Information
Health Information Trust Alliance Common Security Framework
International Arms Regulations
Protected Media Content
National Institute of Standards and Technology
Financial Data Standards
Accessibility Standards

Canada

Government Security Standards
Privacy Legislation in Alberta
Privacy Legislation in Nova Scotia
Privacy Legislation in Ontario
Canada’s Federal Private Sector Privacy Legislation

Asia Pacific

Financial Industry Information Systems
Australian Security Standards
Korean Information Security
Multi-Tier Cloud Security Standard
Outsourcing Guidelines

Europe

Personal Health Data Protection
Operational Security Attestation
Cyber Threat Protection
Spanish Government Standards
UK Government Standards
Automotive Industry Standard

Certifications / Attestations:

Compliance certifications and attestations are assessed by a third-party, independent auditor and result in a certification, audit report, or attestation of compliance.

Laws / Regulations / Privacy:

AWS customers remain responsible for complying with applicable compliance laws and regulations. In some cases, AWS offers functionality (such as security features), enablers, and legal agreements (such as the AWS Data Processing Agreement and Business Associate Addendum) to support customer compliance.

No formal certification is available to (or distributable by) a cloud service provider within these law and regulatory domains.

Alignments / Frameworks:

Compliance alignments and frameworks include published security or compliance requirements for a specific purpose, such as a specific industry or function. AWS provides functionality (such as security features) and enablers (including compliance playbooks, mapping documents, and whitepapers) for these types of programs.

Requirements under specific alignments and frameworks may not be subject to certification or attestation; however, some alignments and frameworks are covered by other compliance programs.