We understand that you put a lot of trust into your vendors. At PhishingBox, we are serious about security. Our business is built on security. As such, we have implemented security and privacy controls to provide a safe and secure application. Controls have been implemented to minimize the risk to the confidentiality, integrity, and availability of the system. Controls generally fall into one of the following categories: physical, technical, or administrative.
To help with your vendor due diligence process, we are including a summary of security and privacy information here. If you need additional information, please contact us directly.
As a trusted vendor, we understand your need to maintain a secure environment. Our security summary highlights many of our key security controls. Our information security program is an ongoing process. We have developed controls and these controls are audited or tested on a regular basis.
U.S. President Ronald Regan said, “Trust but verify”. So, you do not have to take our word for it as we have external audits conducted. Annually, we have a third-party audit firm conduct a SOC audit. A SOC report is an independent review from a CPA firm on the controls at a Service Organization relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy. These reports are intended to meet the needs of a broad range of users that need detailed information and assurance about the controls at a service organization.
Many of our clients are required to comply with the General Data Protection Regulations (GDPR). Our GDPR preparations have included a comprehensive review of relevant internal processes, procedures and documentation. Additionally, we have and continue to actively develop and implement data protection policies, procedures, controls and security measures for GDPR compliance. You can learn more about our GDPR compliance here.
PhishingBox maintains processing and hosting facilities within the European Union. Customers can select to use this instance if they do not want their data to be processed on system within the United States. The PhishingBox EU instance maintains the same controls structure as the systems within the United States. More details about the EU instance are available here.
The Cloud Security Alliance (CSA) is a global organization that outlines best practices for secure cloud computing. The CSA has developed standardized security practices and questionnaires to help streamline vendor due diligence for software as a service vendors. PhishingBox has adopted these practices to provide a standardized response to most vendor due diligence questions. Visit the CSA STAR program.
We understand the importance of uptime for a system. As such, we have implemented the status page which is an independent platform showing the current status of the various PhishingBox solutions. If there are any present disruptions, notices will be included on this page.
If you believe that you have found a vulnerability in the in a PhishingBox asset, you may report it here. We take all reported issues seriously. If the vulnerability is confirmed we will offer a reward for the submission.