Bazaarvoice security

Bazaarvoice understands that trust is earned. So we consistently deliver products that exceed client expectations. Our approach to security is built on the same principle. We employ top professionals and market-leading partners to layer a set of defenses that protect our systems and data from compromise.

Vulnerability management

Understanding how to effectively manage vulnerabilities is key to ensuring a well-protected solution. Bazaarvoice consistently checks for vulnerabilities and quickly addresses them in a risk-based approach, which is aligned with well-respected security standards.

Pentesting

Bazaarvoice engages with independent third parties to perform penetration testing annually. Our team of security professionals works with our pen testing partners to review all findings and develop a plan to remediate them. We perform follow-up testing to ensure the effectiveness of the remediation activities and offer summary reporting to our clients upon request.

Certified approach

Bazaarvoice is certified by Schellman Compliance LLC as operating an Information Security Management System (ISMS) that conforms to the requirements of ISO/IEC 27001:2013. Bazaarvoice is committed to maintaining the rigorous controls required by the ISO 27001 standard and being annually recertified. Bazaarvoice’s certificate is 1667990-1, issued on November 17, 2022.

Incident response

Bazaarvoice works tirelessly to make sure our client data remains available and secure. But we also ensure we are well prepared should an incident occur. A comprehensive incident response plan is in place, updated regularly, and tested to ensure it operates effectively. This helps us validate, communicate, and ultimately remediate issues quickly and with our customers’ interests in mind.

Our incident response plan and runbooks specify the roles and responsibilities of everyone involved and incorporate follow-up activities after the incident to ensure we learn from our past.

CSA CAIQ

The Cloud Security Alliance (CSA) Consensus Assessment Initiative Questionnaire (CAIQ) provides an efficient and transparent way to communicate which security controls are in place for cloud providers. Bazaarvoice uses this framework to effectively respond to client security information requests.

Established in 2009, the Cloud Security Alliance was formed as a research organization to determine the best practices for secure cloud computing.

If you have an NDA in place with us and are considering adding or renewing our solutions, simply reach out to your primary Bazaarvoice contact for an updated copy.

Trust FAQs

Have a question? You’ll most likely find the answer in our frequently asked questions.

Read our FAQs