BrizoIT Security Policy
Policy Owner: Volodymyr Krupach
Effective Date: April 29, 2026
Our Security Commitment
At BrizoIT, security is not just a feature; it is a foundational principle. As a provider of enterprise-grade Atlassian applications, we implement rigorous security measures to protect the data our customers entrust to us. This policy outlines our technical and organizational controls, aligned with our internal Vanta-managed compliance program.
Privacy by Design & Data Minimization
We follow a "Privacy by Design" philosophy, ensuring that security is embedded into our development lifecycle.
Minimal Data Footprint: For our cloud applications, BrizoIT does not store End-User personal data on our servers.
Data Scope: We store only minimal operational metadata, such as Jira/Confluence domain information and application configuration settings.
Atlassian Ecosystem: All primary customer data remains within Atlassian’s secure infrastructure, following the Shared Responsibility Model.
Data Protection & Encryption
We protect data using industry-standard cryptographic protocols:
In Transit: All data communicated between your browser, our application servers, and Jira instances is encrypted using TLS 1.2 or higher.
At Rest: Any configuration data stored in our backend is encrypted using AES-256, managed according to our Cryptography Policy.
Infrastructure & Network Security
Our services are hosted on Amazon Web Services (AWS), leveraging their world-class security infrastructure.
Isolation: Our production environments are isolated within Virtual Private Clouds (VPCs) with strict security group rules.
Access Control: We enforce the Principle of Least Privilege. Access to production systems is restricted to authorized personnel and requires Multi-Factor Authentication (MFA), as defined in our Access Control Policy.
Vulnerability Management
We proactively identify and remediate risks through a multi-layered testing approach:
Quarterly Scanning: We perform automated vulnerability scans on all public-facing systems at least quarterly.
Annual Penetration Testing: We engage independent third-party security experts to conduct comprehensive penetration tests of our applications and network annually.
Remediation: Vulnerabilities are prioritized and remediated according to the timelines established in our Operations Security Policy.
Incident Response & Breach Notification
Our Incident Response Team is prepared to react swiftly to any security event:
Monitoring: We maintain 24/7 logging and monitoring of our infrastructure.
Management: All security incidents are logged and managed within a dedicated Jira environment.
Notification: In the event of a confirmed security breach affecting customer data, BrizoIT commits to notifying affected users via email without undue delay, providing instructions and mitigation steps as outlined in our Incident Response Plan.
Personnel Security
Background Checks: All BrizoIT employees undergo comprehensive background checks prior to hire.
Security Training: All personnel must complete mandatory annual security awareness training to stay current on emerging threats and best practices.
Trust Center & Compliance
For real-time system status, access to our latest SOC 2 reports, and detailed compliance documentation, please visit the BrizoIT Trust Center:
Contact Us & Reporting
If you discover a security vulnerability or have questions regarding our security practices:
Security Issues: Please report them immediately via our Support Service Desk.
General Inquiries: Reach out to our security team at support@brizoit.com.
This policy is reviewed annually to ensure it reflects our current technical environment and regulatory requirements.