Data Protection
ESG Playbook is SOC 2 Compliant
Security Measures
For the ESG Playbook Platform we enforce a number of security measures to ensure the user and company data is safe and secure. Below is a list of measures we enforce:
- We capture authentication level logs to be able to fully audit access.
- We facilitate traffic/activity monitoring in order to detect unusual user activity.
- At a development level, we use security analysis tools to help us exclude third party dependency vulnerabilities.
- We require our team members to document every authentication and permission rule change within our application. Authentication rule changes are also captured via Google Cloud Platform’s logging.
- Our services are resilient against application level attacks like Cross Site Scripting and Distributed Denial of Service.
- We limit production level access and multi factor authentication anywhere that it is enabled. Anyone with production access cannot access backups so that if a malicious user happened to access production, backups/redundancy would not be compromised.
- We hold a monthly review of security risks and compliance.
At this moment, we solely use Google’s cloud infrastructure products so many backend security considerations are handled on their end. See Google’s security and compliance documentation for rules and protocols they follow which run our backend:
https://cloud.google.com/security
We are always open to discussing your security needs and improving our processes if you need more security assurance in any additional areas not listed above.
Supported Security Compliance Protocols
We review privacy standards to ensure we are compliant in the jurisdictions our customers operate in.
ISO and SOC Compliance
The ESG Playbook platform uses the Google Cloud Platform (GCP) Firebase and Firebase is certified under major privacy and security standards.
All Firebase services (aside from App Distribution and Firebase App Indexing) have successfully completed the ISO 27001 and SOC 1, SOC 2, and SOC 3 evaluation process, and some have also completed the ISO 27017 and ISO 27018 certification process. Compliance reports and certificates for Firebase services governed by the GCP Terms of Service may be requested via the Compliance Reports Manager.
Data Back-up Process
We have managed to create a function and scheduler in Google Cloud Platform (GCP). The schedule runs daily at midnight and the back-up is stored in the back-up storage.
Retrieving a back-up is administered starting with a formal request from the company management.
Incident Response
We track customer issues via an internal JIRA-like work item manager. Issues can be submitted via the feedback form on the ESG Playbook web app or via email to support@esgplaybook.com.
Issues are responded to promptly and generally resolved within 24 hours. Relevant users will be updated on the issue progress.
Build and Release Management
Our application passes a series of automated unit tests and QA testers before reaching production. We are able to roll back changes within an hour in the case of an issue being pushed to production. Users are notified of new features via the home page sidebar panel under “What’s New on ESG Playbook?”. Users must be logged in to view this information.
Datacenter Location
US-Central multi-region
https://firebase.google.com/docs/firestore/locations#location-mr