ITBM manages the information of more than 10,000 organizations worldwide. We understand that customers expect us to protect their data to the highest standards and we are committed to delivering a secure and reliable environment. The security model and controls are based on international standards and industry best practices such as ISO 27001 and OWASP Top 10.
Our systems are hosted across multiple Availability Zones on the Google Cloud Platform. This allows us to deliver a reliable service and that your data is available whenever you need it.
Data centers use the latest physical and environmental security measures to achieve a highly resilient infrastructure. For more information on security practices, see:
ITBM in the CulturalGo family of products implements a security-oriented design in several layers, one of which is the application layer. The application is developed according to the OWASP Top 10 framework and the code is fully reviewed before deployment to production.
The CI/CD controlled process includes static code analysis, vulnerability assessment, end-to-end testing, unit testing that addresses authorization issues, and more. ITBM developers have regular security training to stay up to date with best practices for secure development.
Another layer of security is infrastructure. As we said, the CulturalGo family of products are hosted on GPC. In addition, the infrastructure is protected with multiple layers of defense mechanisms, such as the following:
ITBM in its CulturalGo family of products encrypts all data in transit and in storage:
Independent third-party assessments are essential to accurately and unbiasedly understanding your level of security. ITBM conducts penetration testing annually at the application and infrastructure level with recognized independent auditors.
In addition, a permanent audit is being carried out with the Security Command Center by Google Cloud tools, ISO certifications and other external audits.
ITBM is a cloud-based company and no part of the infrastructure is kept on-premises. Physical security in the offices includes access control based on personal identification, monitoring with closed circuit television and alarm systems.
ITBM data centers are hosted on the Google Cloud Platform infrastructure, where the latest physical security measures are applied.
ITBM is committed to providing continuous and uninterrupted service to all customers. We make a backup of user data every 24 hours. All backups are encrypted and distributed to multiple locations, where they are kept for 25 days.
The Disaster Recovery Plan is tested at least twice a year to assess effectiveness and keep teams aligned on responsibilities in the event of a service outage.
ITBM understands that security depends on your employees. That’s why all employees receive information security awareness training during onboarding. In addition, additional safety trainings are provided every three months. All employees must sign the Acceptable Use Policy.
We know that the data you upload to any of the CulturalGo family products is private and confidential. We regularly review user access to ensure proper permissions are in place based on the principle of least privilege. Employee access rights are changed immediately when there is a change in hiring.