Brightest for IT Teams
Last updated
At Brightest, we closely integrate web application security and privacy best practices throughout our development, web architecture, and DevOps processes, allowing us to provide enterprise-ready social impact, sustainability, corporate social responsibility (CSR), and environmental social governance (ESG) software that meets your security controls and requirements, earns your trust, and complies with international data privacy laws.
Today, our clients include governments, publicly-traded companies, and organizations operating in highly-regulated industries, thanks to the strength and consistency of our security controls and risk management practices.
By default, the AWS data center infrastructure used to provide all Brightest services is located in the United States. AWS also gives us the flexibility to relocate your data storage and application servers to a European Union (EU) data center in either Germany or Ireland where your organization needs to comply with GDPR and EU data compliance laws. The cloud IT infrastructure AWS provides to Brightest is designed and managed to meet security best practices and a variety of IT security standards, including:
• SOC 1/SSAE 16/ISAE 3402 (formerly SAS 70)
• SOC 2
• SOC 3
• FISMA, DIACAP, and FedRAMP
• DoD CSM Levels 1-5
• PCI DSS Level 1
• ISO 9001 / ISO 27001 / ISO 27017 / ISO 27018
• NIS 2 Directive (Directive (EU) 2022/2555)
For more information on our cloud hosting and database security levels, please see AWS's security resources and policies.
To read more about AWS GDPR compliance, please see AWS's GDPR documentation.
We work closely with third-party privacy and security firms and vendors to ensure our platform meets international data protection, privacy, and processing standards. Brightest's Data Processing Agreements comply with all applicable GDPR requirements, and we completed a third-party-verified GDPR assessment in February 2021. Brightest also complies with US state and federal data security laws, including the California Consumer Privacy Act (CCPA).
For more information on our privacy and data processing policies, please see our privacy policy.
If you have any questions or comments about our security policies, approach, work, or information, or would like to report a security concern, please contact us.
Our technology, with built-in roles, permissions, access levels, and data environments, is designed and implemented to ensure your company's information is only accessible to authorized individuals. Where needed, Brightest can support corporate directory single sign-on (SSO), Security Assertion Markup Language (SAML), Multi-Factor Authentication (MFA), and identity provider (IdP) or HR information system (HRIS) integrations, providing secure directory sync of employee access, roles, permissions, and user authentication between your company's directory and its Brightest use. Brightest can work with IdPs such as Microsoft Active Directory, Okta, Auth0, Shibboleth, and others.
We take additional steps to verify that any third-party service provider integrated into Brightest: (1) conducts background checks on all new employees, (2) enforces information security training for all employees, (3) offers secure, stable, modern web application infrastructure and technologies that are widely used in the industry by best-in-class companies, (4) is regularly audited by third-party monitoring organizations, and (5) is PCI-compliant and complies with other modern information security and ISMS standards such as ISO/IEC 27001 and SOC 2. Beyond AWS, the only third-party service providers integrated into our application that can receive personal information (PII) are our email delivery providers for transactional user email notifications and donation receipt emails, both of whom meet these strict requirements.