Overview

At BIM Engine, we know that your architectural designs, point clouds, and site data are your most valuable assets. We have designed our platform from the ground up to exceed industry standards for security, availability, and confidentiality.

Below is an overview of our security architecture and the controls we have implemented to protect your data.

Compliance & Certifications

SOC 2 Alignment Our internal controls and security framework are designed in accordance with SOC 2 (Service Organization Control) standards. We maintain rigorous documentation and automated monitoring to ensure the security, availability, and confidentiality of customer data.

Audit Trails: We maintain comprehensive logs (AWS CloudTrail, S3 Server Access Logs) to track system activity.
Background Checks: All employees undergo mandatory background checks prior to employment.

Confidentiality: Every employee and contractor signs strict Non-Disclosure Agreements (NDAs) and Confidentiality Agreements.

Infrastructure Security

Our platform runs on Amazon Web Services (AWS), the industry leader in cloud security.

Network Segregation: Our production environments are strictly isolated from testing/development environments to prevent cross-contamination.

Intrusion Detection: We utilize automated Intrusion Detection Systems (IDS) and VPC Flow Logs to monitor network traffic for suspicious anomalies.

Encryption:

• In Transit: All data is encrypted via TLS 1.2+ during transmission.

• At Rest: Data stored in AWS S3 and our databases is encrypted using AES-256 standards.

• Endpoint Security: All company devices and removable media are encrypted to prevent data loss.

Organizational Security

Security is a human process as much as a technical one.

Access Control: We enforce strict "Least Privilege" access. We utilize Multi-Factor Authentication (MFA) across our organization, including Google Workspace and AWS root accounts.

Security Training: All employees complete general security awareness training upon hire and annually thereafter.

Vendor Management: We maintain a strictly vetted Vendor List. All third-party sub-processors must have defined authentication methods and security standards equivalent to our own.

Device Policy: We require proof of secure device disposal and enforce password manager usage for all staff.

Secure Development Lifecycle (SDLC)

We integrate security directly into our coding workflow.

CI/CD Pipeline: We use a secure Continuous Integration/Continuous Deployment (CI/CD) system to automate testing and deployment, minimizing human error.

Vulnerability Management: We regularly scan for vulnerabilities and maintain a record of remediated issues.

Change Management: All system updates are documented. We maintain a public change log to keep customers informed of platform updates.

Data Privacy & Reliability

Data Deletion: We provide customers with the right to request data deletion. We maintain records of these deletion requests to ensure compliance with privacy laws.

Cybersecurity Insurance: BIM Engine maintains active cybersecurity insurance coverage to provide an additional layer of assurance for our business continuity.

Access Reviews: We perform regular access reviews to ensure that only active, authorized personnel have access to critical systems.

Vulnerability Reporting

We value the contributions of the security research community. If you believe you have found a security vulnerability in BIM Engine, please report it to us immediately.

Contact: team@bimengine.ai

Response: We will acknowledge receipt of your report and work with you to remediate the issue.