A. Physical Security
Busca-Apps utilizes data centers located at Amazon Web Services (AWS)* facilities and physical access is heavily controlled by AWS according to its own Information Security policy and specifically its Physical Access controls. Further details on AWS approach and compliance regarding information security and specific certifications/attestations including SOC, ISO 27001, ISO 27017 and ISO 27018 can be found below.
Encryption
Busca-Apps’ services are designed to provide data security and integrity. All services are accessed through encrypted connections using industry standard SSL/TLS*. Additionally, the architecture of some of the services provide further security of data by segregating the object data, the indices and the encryption keys on physically or logically separated systems.
* Amazon Web Services (AWS) is the world’s most comprehensive and broadly adopted cloud platform, offering over 165 fully featured services from data centers globally. Millions of customers —including the fastest-growing startups, largest enterprises, and leading government agencies—trust AWS to power their infrastructure, become more agile, and lower costs.
* SSL stands for Secure Sockets Layer and, in short, it's the standard technology for keeping an internet connection secure and safeguarding any sensitive data that is being sent between two systems, preventing criminals from reading and modifying any information transferred, including potential personal details.
* TLS (Transport Layer Security) is just an updated, more secure, version of SSL. We still refer to our security certificates as SSL because it is a more commonly used term, but when you are buying SSL from Symantec you are actually buying the most up to date TLS certificates with the option of ECC, RSA or DSA encryption.
Amazon Web Services (AWS) Compliance Programs
Global
![]() | ||||
Cloud Security Alliance Controls | Global Quality Standard | Security Management Controls | Cloud Specific Controls | Personal Data Protection |
Payment Card Standards | Audit Controls Report | Security, Availability, & Confidentiality Report | General Controls Report |
United States
Canada
![]() | ![]() | |||
Government Security Standards | Privacy Legislation in Alberta | Privacy Legislation in Nova Scotia | Privacy Legislation in Ontario | Canada’s Federal Private Sector Privacy Legislation |
Asia Pacific
Financial Industry Information Systems | Australian Security Standards | Korean Information Security | Multi-Tier Cloud Security Standard | Outsourcing Guidelines |
Europe
![]() | ||||
Personal Health Data Protection | Operational Security Attestation | Cyber Threat Protection | Spanish Government Standards | UK Government Standards |
Automotive Industry Standard |
Certifications / Attestations:Compliance certifications and attestations are assessed by a third-party, independent auditor and result in a certification, audit report, or attestation of compliance.
| Laws / Regulations / Privacy:AWS customers remain responsible for complying with applicable compliance laws and regulations. In some cases, AWS offers functionality (such as security features), enablers, and legal agreements (such as the AWS Data Processing Agreement and Business Associate Addendum) to support customer compliance. No formal certification is available to (or distributable by) a cloud service provider within these law and regulatory domains.
| Alignments / Frameworks:Compliance alignments and frameworks include published security or compliance requirements for a specific purpose, such as a specific industry or function. AWS provides functionality (such as security features) and enablers (including compliance playbooks, mapping documents, and whitepapers) for these types of programs. Requirements under specific alignments and frameworks may not be subject to certification or attestation; however, some alignments and frameworks are covered by other compliance programs.
|