BloomAPI is proactive about information security and understands that vulnerabilities need to be monitored on an ongoing basis. BloomAPI utilizes Snyk and ScoutSuite to test infrastructure and applications for vulnerabilities.
- 10.m - Control of Technical Vulnerabilities
- 164.308(a)(8) - Evaluation
- Snyk automatically scans BloomAPI code and disk images for vulnerabilities.
- ScoutSuite is run against BloomAPI's Google Cloud infrastructure periodically.
- Upon notification of a vulnerability (e.g., an unpatched machine or an out-of-date internal API), the vulnerability will be assessed and, if warranted, mitigated by the DevOps team within 14 days.