Brilliant’s security policy establishes its position on a range of security-related topics. While executive leadership is accountable for the execution of the program, the entire company works diligently to ensure that the security of our customers comes first. Our policies reflect our commitment to providing a trusted solution.
Brilliant aligns its information security program to the NIST 800-53 framework. Maturation of the information security program is driven by alignment to this framework and an understanding of any potential or evolving threats.
As a corporate gifting company, Brilliant has issued our SOC 2 Type 1 Report, which undergoes an external audit demonstrating our adherence to the security commitments made to our customers. This attestation reflects our ongoing dedication to provide a trusted solution to our valued customers.
Brilliant has partnered with independent security resources to ensure it is properly executing its security program. We believe that consistent monitoring of our platform through regular vulnerability assessments and penetration tests along with review of our policies, vendor management, and risk management programs is critical for our information security program. We rely on our relationships with security, compliance, and governance partners to ensure Brilliant is held to the highest standards.
Brilliant’s Security Training is a mandatory requirement for all employees. All employees are required to complete security awareness training upon hire and annually thereafter.
Application security is particularly important. With applications running in the cloud, we know our cloud partner is responsible for infrastructure level security; but through their Shared Responsibility model, we are responsible for our application security. To ensure that Brilliant follows best practices for application security, we train on the OWASP Top 10 and do code reviews for security.
Brilliant secures all data in transit via TLS 1.2+. Systems are configured to require the TLS protocol, meeting industry standards for externally facing systems. You can view an up to date assessment of our TLS configurations by visiting SSL Labs SSL Test.
Symmetric encryption (AES-256) is used to protect data at rest. This ensures that data is only viewable by authorized users.
Brilliant’s environment is highly-restricted by design. Access controls are in place to ensure that data is only available to appropriate parties. MFA is also enforced for all Brilliant employees.
Brilliant’s web application is hosted in the United States.
It is critical that Brilliant handle incidents and potential issues or breaches with the utmost care. Brilliant recognizes that a breach is a significant adverse event and that a poor response can cause harm to the organization, employees, partners, and/or customers. Our Incident Response Policy and Procedure is reviewed and updated on an annual basis. We test our Incident Response Procedure on an annual basis. All incidents are tracked in our incident tracker. Brilliant shall notify any third party, client, vendor or partner affected by an incident within 24 hours of the incident and potential breach.
We have a formal program to identify, track and manage risk. Each identified risk shall be tracked in a risk register and assigned to a specific management representative for handling and follow through. Each risk identified shall be explicitly accepted or addressed. The risk register shall track progress on action plans to ensure that identified risks get closed out. We also have a 3rd party perform a Risk Assessment on an annual basis.
Questions or further information needed? Please reach out to security@brilliantmade.com
