Customer Security Responsibilities
Keep your user passwords safe by following these tips.
- Use a strong password that is difficult for others to guess, and avoid birthdays, names, and pets’ names. Be creative: think of a special phrase and use the first letter of each word as your password. Substitute numbers for some words or letters. For example, “I want to see the Pacific Ocean” could become 1W2CtPo.
- Use more symbols and numbers in passwords. The reality is that longer, more complex logins are harder to breach.
- Never write down your password or share it with others.
- Never provide your BotDoc account login or password, credit card number, or other personal information via email or to unknown parties.
Note: BotDoc will never ask you for your password.
Exercise caution using public computers (coffee shops, library, airport, hotel): Public web browsers can cache personal data and store login details. Always log off of web sites and clear the browser cache to protect your personal information, passwords, and accounts.
SAFELY DISPOSE OF PERSONAL INFORMATION
Before you dispose of a computer, get rid of all the personal information it stores. Use a wipe utility program to overwrite the entire hard drive.
Before you dispose of a mobile device, check your owner’s manual, the service provider’s website, or the device manufacturer’s website for information on how to delete information permanently, and how to save or transfer information to a new device. Remove the memory or subscriber identity module (SIM) card from a mobile device. Remove the phone book, lists of calls made and received, voicemails, messages sent and received, organizer folders, web search history, and photos.
AVOID PHISHING EMAILS
Don’t open files, click on links, or download programs sent by strangers. Opening a file from someone you don’t know could expose your system to a computer virus or spyware that captures your passwords or other information you type.
READ PRIVACY POLICIES
Yes, they can be long and complex, but they tell you how the site maintains accuracy, access, security, and control of the personal information it collects; how it uses the information; and whether it provides information to third parties.
System failures, suspected breach, or general incident
If you are experiencing a system failure, suspect some type of technical incident or breach, or have a general issue, please contact us at firstname.lastname@example.org or click “Chat with us”.
If you believe you may have received a fake email, forward the entire email – including the header information – to us at: email@example.com, then delete it from your mailbox.
If you find or suspect a security incident, please report this to us at: firstname.lastname@example.org
Please report this to us at: email@example.com
Key Security Features
Security is part us, and part you. That’s why we’ve developed best practices for securing your Botdoc-powered applications.
Files are encrypted in transit (only strong cipher suites) and at rest (AES-256).
Two-factor authentication with RSA, SecurID or a digital certificate as well as Active Directory integration.
Dual redundant firewalls, network IPS, layer 7 IPS, DOS prevention, and penetration tests.
Access rights, permissions, and ethical walls based on users and groups.
ISO 27002:2013 & ISO/IEC 27017:2015
Botdoc is ISO 27002:2013 certified through MS Azure. This is the highest level of global information security assurance available today, and provides customers assurance that Botdoc meets stringent international standards on security. The ISO/IEC 27017:2015 certification follows an international standard that aligns with and complements ISO/IEC 27002:2013, with an emphasis on cloud-specific threats and risks.
Static and dynamic application scans, comprehensive logging, and adherence to programming best practices (OWASP Top Ten, etc.).
Service Organization Controls (SOC)
Annual Type 2 SOC 2 and SOC 2+ audits based on standards set by the AICPA.
Botdoc maintains compliance with the current version of the PCI Data Security Standard (DSS) to ensure safe and secure handling of credit card holder information. As overseen by the Payment Card Industry Security Standards Council (PCI SSC), Botdoc places stringent controls around cardholder data as both a service provider and merchant.
Full compliance with the Health Insurance Portability and Accountability Act of 1996 for privacy, security, and breach notification rules for data storage.
Privacy Shield Certified
BotDoc complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States.
Compliant with the US Department of Education regarding data privacy, confidentiality, and security practices related to student-level longitudinal data systems and other uses of student data.
Compliant with processing and holding the personal data of subjects residing in the EU.
The Gramm-Leach-Bliley Act (GLB Act or GLBA) is the United States federal law that makes it mandatory for financial institutions to share their methodology for protecting customers’ financial information. Botdoc follows all Safeguards Rule requirements and practices to ensure it operates in compliance with the standards at all times.
Updates and Alerts
Routine maintenance, new features, fixes, updates and other important announcements!
(For best results, please clear your browser history/cache after updates.)