Business Wire Cybersecurity Commitment

Enterprise Security Posture

The advent of an increasingly digitized world creates an ever-growing attack surface for cybersecurity threats. Business Wire is committed to the security of client information. Recognizing that all IT systems remain vulnerable to attack, Business Wire has invested heavily in cybersecurity and remains committed to continued investments in this area. To protect our systems, we maintain an ongoing cycle of testing, threat analysis, and security enhancement.

Specific investments include:

  • Standardized annual testing of our Service Organization Controls (SOC2 Type2) by an AICPA assessor for the Security Trust Principle provides independent validation of Business Wire’s internal controls. Third party continuous vulnerability scanning of our externally facing web applications in addition to weekly internal scanning of our IT systems. Remediating exposed vulnerabilities is a critical component of our security practice.
  • Vulnerability patching and remediation is performed on a risk review basis specific to our solution offering.
  • Business Wire utilizes a four-tier development, integration, testing, and production deployment process into a distributed application architecture for validation and resiliency.
  • Centralized configuration management, deployment automation, and least privilege access to ensure system integrity.
  • Industry leading multilayered security tools with automated threat intelligence updates.
  • Centralized logging, detection and alerting supported by a dedicated information security operations team leveraging resources throughout the organization to provide 24/7 coverage.
  • Businesswire.com utilizes industry standard TLS/SSL certificates, issued by a trusted third-party Certificate Authority (CA). We require our certificates to support a minimum of TLS 1.2 SHA-256 encryption and a 2048-bit private key.
  • Hosted in a 2N+2 colocation facility that exceeds the Uptime Institute’s Tier IV standard for electrical delivery and a geographically diverse failover capability.

Business Wire continues to make the necessary investments in people and technology to protect our information assets.

Data Security Practices Business Wire minimizes the use, collection and retention of confidential data when possible. For data classified as confidential, Business Wire utilizes industry standard data encryption (minimum AES 128) for data transmission and storage. PCI information is neither captured nor stored in our system but is serviced through a certified third-party PCI DSS service provider.

Various layered cyber defense systems are employed to protect our systems including but not limited to Advanced Firewalls, IPS, DDoS protection, SEIM, threat intel feeds, endpoint protection & a full time cyber defense team.