Security Policy

Last update to Security Policy – June 21, 2021
This Security Statement applies to the platforms and services offered by Black Professionals in Tech Network Inc. (“BPTN”). The protection and security of our customer data is critical to operating our business, and inherently built into our platforms from the ground up. To provide transparency into our security processes with our partners and customers, a detailed summary of our security posture is provided below.

ACCESS CONTROL

AWS Access

All of BPTN’s platforms are hosted in AWS. Direct access to BPTN servers and databases hosted in AWS requires multi-factor authentication and a connection from an allow-listed VPN. Access to AWS is restricted by role-based access control built on least-privilege permissions.
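One way to express the two controls above (MFA required, access only from an allow-listed VPN, on top of a least-privilege allow list) is an IAM identity policy with explicit deny statements. The policy below is an added example and is not BPTN's actual policy. The VPN egress range 203.0.113.0/24 is a documentation placeholder for whatever the real allow-listed range is, and the two Describe actions in the final statement stand in for whatever a given role is actually entitled to.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyEverythingWithoutMFA",
      "Effect": "Deny",
      "NotAction": [
        "iam:GetUser",
        "iam:ListMFADevices",
        "iam:CreateVirtualMFADevice",
        "iam:EnableMFADevice",
        "sts:GetSessionToken"
      ],
      "Resource": "*",
      "Condition": {
        "BoolIfExists": { "aws:MultiFactorAuthPresent": "false" }
      }
    },
    {
      "Sid": "DenyAccessOutsideAllowListedVPN",
      "Effect": "Deny",
      "Action": "*",
      "Resource": "*",
      "Condition": {
        "NotIpAddress": { "aws:SourceIp": ["203.0.113.0/24"] },
        "Bool": { "aws:ViaAWSService": "false" }
      }
    },
    {
      "Sid": "LeastPrivilegeAllowList",
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeInstances",
        "rds:DescribeDBInstances"
      ],
      "Resource": "*"
    }
  ]
}
```

Two details matter in practice. The MFA deny uses `BoolIfExists` and carves out the handful of IAM/STS actions a user needs to enroll a device, otherwise a new user can never reach the state the policy demands. The VPN deny adds `aws:ViaAWSService = false` because `aws:SourceIp` is not set for calls that an AWS service makes on the principal's behalf (CloudFormation, for example), and without that condition those calls would be denied. Because explicit denies override any allow granted elsewhere, attach this to the groups or roles that humans use and check it with the IAM policy simulator before rollout.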

Access Control Reviews

Access permissions are reviewed at least quarterly by Information Systems owners and the Security Working Group, with access revoked immediately upon employee termination.

Password Policies

Password policies enforce strong password complexity, periodic rotation and restrictions on re-use. All password fields hide user input.

APPLICATION SECURITY

AWS Infrastructure

Network Security

Server & Database Security

Monitoring & Logging

BPTN platforms are continuously monitored using AWS CloudWatch for application and infrastructure monitoring, alarms, auditing and centralized log aggregation (with logs encrypted using AES-256 in transit and at rest); AWS GuardDuty for intelligent threat detection and monitoring; host-based intrusion detection systems and file integrity monitoring; AWS Shield for threat remediation; and various other systems for real-time monitoring, alerting, forensics and security.

ASSET MANAGEMENT

Asset Inventory

A central IT management system is used to track and maintain corporate IT assets and laptops.

Licenses

Paid vendor licenses go through a formal assessment and review process. Open source licenses must comply with internal policies for acceptable and non-restrictive licensing.

BUSINESS CONTINUITY AND DISASTER RECOVERY

Annual Testing

Business Continuity and Disaster Recovery tests are performed and reviewed annually by the cross-departmental Security Working Group.

Business Continuity

BPTN platforms and corporate services are all cloud-based and can be fully operated from either an office or a remote setting.

Disaster Recovery

Storage & Backups

DATA SECURITY

Data Encryption

Data Classification

BPTN maintains a data classification system for public, internal, confidential, personally identifiable information (PII) and sensitive PII data.

Hardware & Media Disposal

Policies and procedures for BPTN office equipment and for AWS data centers require the proper erasure and disposal of data on laptops, hard disks and other hardware and media, using techniques such as overwriting, degaussing and 2-pass wipes.

Key Management

Encryption keys are managed via AWS Key Management Service (KMS), with separate keys for development and production environments. Because KMS is a managed AWS service, key material never leaves the service and no human user has access to the keys themselves.

INFORMATION SYSTEMS (IS) POLICIES

Clean Desk & Removable Media Policies

Information System policies include a clean desk policy applied to all employee laptops via a central IT management system, and a policy prohibiting removable media.

Risk Assessments

BPTN performs internal and major 3rd party vendor risk assessments at least annually.

Security Working Group

BPTN has a formal Security Working Group composed of management and technical leadership representatives from Engineering, Product, Customer Success, IT & Support, Compliance and HR. This group meets at least quarterly to review overall security posture; major events, trends and escalations; procedure and policy review; and various procedure testing, including disaster recovery, business continuity and breach response.

HR & ORGANIZATIONAL SECURITY

Background Checks & Confidentiality

Employee Discipline

Employees who violate BPTN policies are subject to disciplinary review and action.

Employee Onboarding & Offboarding

Security & Privacy Training

All employees complete security and privacy training as part of onboarding and again annually. The process is managed by the Compliance and Operations teams, with audit records maintained of all training completed.

PHYSICAL SECURITY

AWS Data Centers: Physical Access

AWS Data Centers: Alarms, CCTV, Inspection

AWS Data Centers: Access Cards, Badges, Visitors

AWS DATA CENTER INFRASTRUCTURE & REDUNDANCY

Climate and Temperature

Fire Detection and Suppression

Leakage Detection

Power

SOFTWARE DEVELOPMENT PROCESS

Agile SDLC Process

Environments

BPTN has fully separated AWS accounts for each platform’s production and development environments. Customer data in production is fully isolated at a network, logical, and access control level from local and development environments.

Segregation of Duties

BPTN has segregation of duties across the various departments and stages of the software development cycle. This includes onboarding processes triggered by HR, laptop and corporate IT access by IT administrators, engineering access by Engineering management, software testing by QA, platform support by Support teams, and shared security responsibility by Engineering, IT and the Security Working Group.

THREAT MANAGEMENT

Patching and Anti-malware

BPTN has patch management processes and anti-malware systems in place to proactively manage security updates.

Vulnerability & Penetration Testing

Monthly vulnerability testing and annual independent, manual penetration testing are performed to check for OWASP Top 10 security risks, amongst other security considerations. Critical- and high-severity findings are remediated on a priority basis.

BREACH & INCIDENT RESPONSE

DDoS & Attack Prevention

Breach Notification

SUPPORT

BPTN has live and automated 24/7 monitoring of its platform. Dedicated Customer Success teams are available during regular North American Eastern Time business hours via email and support ticketing. After-hours platform priority issues can be triggered via AWS CloudWatch alerts.

Your Responsibilities

COMPLIANCE

AWS Data Centers

SOC-2 Audits

System and Organization Controls (SOC) Reports are independent, 3rd party examination reports that demonstrate how an organization achieves key compliance controls and objectives. BPTN is working towards its SOC 2 security review for its platform, and intends to perform these annually on an ongoing basis once a Type 1 audit has been completed.

Disclaimer

The information contained herein is for general information purposes only. While we endeavour to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the information, products, services, processes, activities or related materials referred to herein for any purpose. Any reliance you place on such information is therefore strictly at your own risk. In no event will BPTN be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising, including from loss of data or profits arising out of, or in connection with, reliance upon this information.