A. Physical Security
Busca-Apps utilizes data centers located at Amazon Web Services (AWS)* facilities and physical access is heavily controlled by AWS according to its own Information Security policy and specifically its Physical Access controls. Further details on AWS approach and compliance regarding information security and specific certifications/attestations including SOC, ISO 27001, ISO 27017 and ISO 27018 can be found below.
Busca-Apps’ services are designed to provide data security and integrity. All services are accessed through encrypted connections using industry standard SSL/TLS*. Additionally, the architecture of some of the services provide further security of data by segregating the object data, the indices and the encryption keys on physically or logically separated systems.
* Amazon Web Services (AWS) is the world’s most comprehensive and broadly adopted cloud platform, offering over 165 fully featured services from data centers globally. Millions of customers —including the fastest-growing startups, largest enterprises, and leading government agencies—trust AWS to power their infrastructure, become more agile, and lower costs.
* SSL stands for Secure Sockets Layer and, in short, it's the standard technology for keeping an internet connection secure and safeguarding any sensitive data that is being sent between two systems, preventing criminals from reading and modifying any information transferred, including potential personal details.
* TLS (Transport Layer Security) is just an updated, more secure, version of SSL. We still refer to our security certificates as SSL because it is a more commonly used term, but when you are buying SSL from Symantec you are actually buying the most up to date TLS certificates with the option of ECC, RSA or DSA encryption.
Amazon Web Services (AWS) Compliance Programs
Cloud Security Alliance Controls
Global Quality Standard
Security Management Controls
Cloud Specific Controls
Personal Data Protection
Payment Card Standards
Audit Controls Report
Security, Availability, & Confidentiality Report
General Controls Report
Government Security Standards
Privacy Legislation in Alberta
Privacy Legislation in Nova Scotia
Privacy Legislation in Ontario
Canada’s Federal Private Sector Privacy Legislation
Financial Industry Information Systems
Australian Security Standards
Korean Information Security
Multi-Tier Cloud Security Standard
Personal Health Data Protection
Operational Security Attestation
Cyber Threat Protection
Spanish Government Standards
UK Government Standards
Automotive Industry Standard
Certifications / Attestations:
Compliance certifications and attestations are assessed by a third-party, independent auditor and result in a certification, audit report, or attestation of compliance.
Laws / Regulations / Privacy:
AWS customers remain responsible for complying with applicable compliance laws and regulations. In some cases, AWS offers functionality (such as security features), enablers, and legal agreements (such as the AWS Data Processing Agreement and Business Associate Addendum) to support customer compliance.
No formal certification is available to (or distributable by) a cloud service provider within these law and regulatory domains.
Alignments / Frameworks:
Compliance alignments and frameworks include published security or compliance requirements for a specific purpose, such as a specific industry or function. AWS provides functionality (such as security features) and enablers (including compliance playbooks, mapping documents, and whitepapers) for these types of programs.
Requirements under specific alignments and frameworks may not be subject to certification or attestation; however, some alignments and frameworks are covered by other compliance programs.