SECURITY

BraveGen Software Security

Our hosting and service delivery infrastructure ensures the highest level of security. This is supported by a world-class network, data and physical security environment. Security is an ongoing process, not a singular event – we continuously evaluate and reinforce our security policy and practices.

 

How is BraveGen more secure than desktop software?

With BraveGen your data isn’t stored on your computer – if your laptop crashes, or gets lost, or stolen, all your data remains completely safe and unaffected. By allowing your advisor to have secure access to your data within BraveGen, it’s much more secure than emailing your data files or sending out discs with your data on it.

SSL

Our servers have SSL Certificates signed by global leaders in certificates, Amazon Web Services and Comodo, so all data transferred between the user and the service is encrypted. The encryption is the same as that used for Internet banking.

User access

No one has access to your organisation unless invited by you and with a level of user permission selected by you. You can remove any invited users whenever you want. You also have the option to invite your advisors and suppliers. It’s completely at your discretion.

Firewalls & network security

External access to our servers is controlled by multiple layers of firewalls, intrusion protection systems and routers, which are configured and monitored according to industry best practice. Our own internal office networks are isolated from any customer data by design.

User passwords

Users must choose a strong password and automatic lockouts are enforced when incorrect passwords are repeatedly entered. We don’t allow the browser to save your login, which eliminates access from a stolen or compromised computer. If you leave your computer unattended for an extended period, you will be automatically logged out.

Third party audits and inspections

Our security is reviewed regularly and audited by external specialists. This includes penetrative testing and automated server port security scanning.

Data protection

We run secure offsite backups nightly, full backups daily and transaction log backups of our database every 30 minutes so we can immediately recover your data if necessary.

Physical security

Our Data Centres

Our servers are located within Amazon, enterprise grade hosting facilities. Our data centers implement and adhere to ISO 27001, 27017, and 27018. ISO 27001 certification can be downloaded here. Access is restricted to authorised Amazon staff by a combination of biometric systems and 24/7 onsite security guards, and is continually audited to meet SAS 70 Type II standards.

Our Offices

Our offices are secure 24/7 and only accessible by our staff via electronic key. We apply security policies on our network (e.g. no USB file storage access), use enhanced password policies and multi-factor authentication, enforce user screen timeouts and have advanced end point security on all computers and devices protecting against malware, viruses, file-less and script based, cyber and ransomware attacks.

We use third party managed services providing real-time web gateway security, dark web research for compromised passwords, firewall intrusion detection and prevention, SIEM log management and security awareness training for our staff.

Security Noticeboard

Our Security Noticeboard is where you’ll find updates on known security related issues, as well as any recommendations on how to protect yourself from them. We’ll also post other security related news from BraveGen on the Noticeboard. If you have questions about security matters, or notice any unusual activity or emails related to BraveGen, please contact our Support team.

Steps you can take to stay protected

We work very hard to keep BraveGen secure. Here are some simple steps you can take to stay protected:

  1. Create a password nobody can guess, so no dictionary words or family names. Be cryptic or use multi-word pass phrases – easy to remember, hard to crack.
  2. Don’t share your password with anybody.
  3. Don’t write your password on a sticky note and attach it to your computer.
  4. Keep your browser software up to date.
  5. Make sure you only login at the link you were provided when signing up to our service.