Trust & Compliance
BugZero was founded by seasoned IT Operations professionals who understand the immense importance of information security. We are built on a foundation of security best practices, from our business architecture to our technology architecture.
Here at BugZero we are committed to uptime and transparency. You can see the status of our service and recent maintenance windows here.
BugZero statusBUSINESS & IT COMPLIANCE
BugZero’s security-first culture puts security and trust at the forefront of every part of our business. This is reflected in our commitment to meeting the highest standards, including SOC 2 compliance.
All vendors we leverage go through a review process in which their security controls are reviewed extensively.
In these days of BYOD and WFH, BugZero leverages a zero-trust approach to endpoint security.
All BugZero employee devices have full-disk encryption. Our hardware is protected by an endpoint security agent that provides NGAV and EDR/EPP capabilities, with 24/7/365 monitoring.
BugZero strictly follows the model of least privilege, only assigning access to the resources and services necessary. We also leverage MFA comprehensively.
APPLICATION & DATA SECURITY
Our platform is compliant with SOC 2, so you can be confident in the integrity of your data.
Our serverless, multi-tenant architecture guarantees world-class data privacy and a 99.9% uptime SLA.
Security is baked into BugZero’s application, and maintaining it is critical.
Certified ServiceNow app Designed and Built by Certified ServiceNow Architects
Scalable, enterprise grade AWS serverless Designed and Built by Certified AWS Architects Following AWS Well-Architected best practices
By ensuring that each customer’s data is stored in a dedicated AWS account, BugZero offers better uptime and reliability, leveraging the performance and data security of dedicated tenants
All BugZero data is encrypted with industry-standard cipher suites, whether at rest or in transit. Equally important, data is backed up within the dedicated tenant to ensure business continuity in the event of a failure
Our code is analyzed via Static Application Security Testing (SAST) during continuous integration (CI) as well as post-deployment
Our running application is subject to continuous penetration and security testing utilizing the latest generation Dynamic Application Security Testing (DAST) tools
API security