Security is job-zero at BridgeFT: it’s a core function of everything we do from data ingestion to delivery.
We conduct vulnerability scanning and automated intrusion detection scans on a quarterly basis. Vulnerability scanning is required at the key stages of our Secure/Software Development Lifecycle (SDLC):
Corporate devices and laptops are centrally managed and equipped with anti-malware protection. We use MDM software to enforce secure configuration, such as disk encryption, screen lock and require automated software updates.
We use an AWS-backed VPN client, required to gain access to all cloud environments.
All Bridge employees are required to undergo security awareness training and review and agree to all our policies annually. Our security operations team regularly shares threat briefings with employees to inform the company of potential risks and safety-related updates that require attention or action.
Bridge uses AWS IAM (Identity and Access Management) to provision access to cloud systems and BI tools. We centralize and mandate password management and two-factor authentication to all our IT systems.
Employees are granted access through reviewed tickets and based on the employee’s role.
All vendors are evaluated at the point of adoption and annually, measured in terms of risk based on the following factors:
Decisions around vendors are made only after completion of a risk evaluation.