Security and Reliability Safeguards

At BizMerlin, we know that our customers rely on us as an important part of their business processes and record keeping.  We take our responsibilities to our customers seriously, and the security and reliability of the software, systems and data that make up the BizMerlin application are our top priority.

SECURITY

  • SSL: All information traveling between your browser and BizMerlin is protected from eavesdroppers with SSL encryption. The lock icon in your browser lets you verify that you aren’t talking to a phishing site impersonating BizMerlin and that your data is secure in transit.
  • Firewalls: We use server level firewalls to protect our infrastructure from outsider threats. We allow specific IP and port based access to our servers.
  • Vulnerability scanning: We use AWS vulnerability tools such as Amazon Inspector and AWS Trusted Advisor. These scans test our servers both from the Internet and from inside our network, and any newly identified problems are addressed as quickly as possible.
  • Strong encryption: BizMerlin uses industry standard encryption protocols and practices to responsibly transmit any sensitive information.

DATA SECURITY

All of our security controls and risk analysis are based around the premise of protecting customer data. In addition to encryption, our customer data security controls include:

  • Who has access to customer data? – BizMerlin’s access to customer data is highly restricted, and access requests by our support personnel follow a highly controlled and documented process. Before access is granted, employees must complete special security training to handle customer data. We perform periodic user access reviews to ensure that access which is no longer needed is not left open.
  • Who did what, when and where? – All activity is logged in a protected system.
  • How are incidents reported? – BizMerlin is SOC compliant and follows a strict incident response process designed to handle customer data incidents.
  • Are our employees trained to handle data? – Yes, all BizMerlin employees are required to participate in security training.

RELIABILITY

  • Backup servers and data centers: The BizMerlin infrastructure uses AWS storage and servers to keep the application and your data available and safe at all times. Every server has backup servers, and we continuously back up the database.
  • Responsible Disclosure of Security Vulnerabilities: If you are a security researcher and think you’ve found a security vulnerability in our service, product, or website, please visit our Responsible Disclosure Policy page.

Third Party Certifications and Audits

Third-party certifications and audits are an important component of any mature security program. We have a number of respected third-party agencies that certify and audit our environment.

BizMerlin’s certifications and audits include:

  • SOC 2 Type 2.
  • Privacy Shield Certification.
  • Health Insurance Portability and Accountability Act (HIPAA) Compliant.
  • BizMerlin hosts its data in Amazon Web Services (AWS), which is SOC 2 certified.

Certifications with the Department of Commerce

EU-US & SWISS-US PRIVACY SHIELD

BizMerlin has achieved EU-US & SWISS-US PRIVACY SHIELD certification with the US Department of Commerce.

GDPR Compliance

Our comprehensive GDPR program is supported by key privacy principles — Accountability, Privacy by Design and Default, Data Minimization, Subject Access Rights, among others. Below are some aspects of the GDPR program at BizMerlin, and how our products support customers in meeting their compliance obligations.

Read BizMerlin’s Commitment to GDPR.