Liquid Barcodes loyalty marketing platform is hosted on Amazon Web Services (AWS). Liquid Barcodes is responsible for security in the cloud and AWS is responsible for security of the cloud.
We are committed to an ongoing assessment of our platform security.
We operate a regular schedule of vulnerability testing, using both industry-standard in-house tools and services, and third party best-of-breed security partners. The results of these tests are fed into a specific security stream within our product roadmap planning system, to ensure that security issues are appropriately prioritised and actioned alongside ongoing development of the platform.
Here in Liquid Barcodes, we use the ISO27000 suite of standards to guide our business and operational practices ensuring that we implement, review and maintain formal, documented policies for all areas of information security from correct classification, labelling and handling of information, through to best-practice guidance for our software development methodology.
All communication with Liquid Barcodes loyalty marketing platform is based on HTTPS secure web traffic.
We operate an incentive program where reported bugs that affect the security of the platform rewards the person reporting it depending on the severity and our previous knowledge of the bug.
From aws.amazon.com – their description of the security OF the cloud:
AWS is responsible for managing the security of the underlying cloud environment. The AWS cloud infrastructure has been architected to be one of the most flexible and secure cloud computing environments available, designed to provide optimum availability while providing complete customer segregation. It provides an extremely scalable, highly reliable platform that enables customers to deploy applications and content quickly and securely, at massive global scale if necessary.
AWS services are content agnostic, in that they offer the same high level of security to all customers, regardless of the type of content being stored, or the geographical region in which they store their content. AWS’s world-class, highly secure data centers utilize state-of-the art electronic surveillance and multi-factor access control systems. Data centers are staffed 24×7 by trained security guards, and access is authorized strictly on a least privileged basis. For a complete list of all the security measures built into the core AWS cloud infrastructure, platforms, and services, please read our Overview of Security Processes whitepaper.
We are vigilant about our customers’ security and have implemented sophisticated technical and physical measures against unauthorized access. Customers can validate the security controls in place within the AWS environment through AWS certifications and reports, including the AWS Service Organization Control (SOC) 1, 22 and 33 reports, ISO 270014, 270175 and 270186 certifications and PCI DSS7 compliance reports. Our 27018 certification demonstrates that AWS has a system of controls in place that specifically address the privacy protection of customer content. These reports and certifications are produced by independent third party auditors and attest to the design and operating effectiveness of AWS security controls. AWS compliance certifications and reports can be requested here. More information on AWS compliance certifications, reports, and alignment with best practices and standards can be found at AWS compliance site.