For the ESG Playbook Platform we enforce a number of security measures to ensure the user and company data is safe and secure. Below is a list of measures we enforce:
- We capture authentication level logs to be able to fully audit access.
- We facilitate traffic/activity monitoring in order to detect unusual user activity.
- At a development level, we use security analysis tools to help us exclude third party dependency vulnerabilities.
- We require our team members to document every authentication and permission rule change within our application. Authentication rule changes are also captured via Google Cloud Platform’s logging.
- Our services are resilient against application level attacks like Cross Site Scripting and Distributed Denial of Service.
- We limit production level access and multi factor authentication anywhere that it is enabled. Anyone with production access cannot access backups so that if a malicious user happened to access production, backups/redundancy would not be compromised.
- We hold a monthly review of security risks and compliance.
At this moment, we solely use Google’s cloud infrastructure products so many backend security considerations are handled on their end. See Google’s security and compliance documentation for rules and protocols they follow which run our backend:
We are always open to discussing your security needs and improving our processes if you need more security assurance in any additional areas not listed above.
Supported Security Compliance Protocols
We actively review privacy standards like the protocols listed below to ensure we are compliant in the jurisdictions our customers operate in.
California Consumer Privacy Act (CCPA)
Federal Information Security Management Act of 2002 (FISMA)
General Data Protection Regulation (GDPR)
Gramm–Leach–Bliley Act (GLBA)
Payment Card Industry Data Security Standard (PCI DSS)
ISO and SOC Compliance
The ESG Playbook platform uses the Google Cloud Platform (GCP) Firebase and Firebase is certified under major privacy and security standards.
All Firebase services (aside from App Distribution and Firebase App Indexing) have successfully completed the ISO 27001 and SOC 1, SOC 2, and SOC 3 evaluation process, and some have also completed the ISO 27017 and ISO 27018 certification process. Compliance reports and certificates for Firebase services governed by the GCP Terms of Service may be requested via the Compliance Reports Manager.
Data Back-up Process
We have managed to create a function and scheduler in Google Cloud Platform (GCP). The schedule runs daily at midnight and the back-up is stored in the back-up storage.
Retrieving a back-up is administered starting with a formal request from the company management.
We track customer issues via an internal JIRA-like work item manager. Issues can be submitted via the feedback form on the ESG Playbook web app or via email to firstname.lastname@example.org.
Issues are responded to promptly and generally resolved within 24 hours. Relevant users will be updated on the issue progress.
Build and Release Management
Our application passes a series of automated unit tests and QA testers before reaching production. We are able to roll back changes within an hour in the case of an issue being pushed to production. Users are notified of new features via the home page sidebar panel under “What’s New on ESG Playbook?”. Users must be logged in to view this information.
Running on Intranet/Local to Client
We are able to do a custom installation and adaptation of the platform to run locally if your company does not wish to use the app through Google’s cloud services.