Security Terms Glossary

The Security Assurance team performs various types of security questionnaires, assessments and audits. If you have any questions, please feel free to contact us:

• Join our slack channel: #team-sec-assurance
• Email: security+assurance@brmbl.io

Security Questionnaire

A document that is meant to provide an overview of a Security Program or portions thereof. Security Questionnaires are routinely used during Security Assessments. An example of an industry standard security questionnaire includes the CAIQ and which Bramble will make publicly available in our Customer Assurance Package

Security Assessment

An activity in which a Security Program or portions thereof are investigated for fit and function. For instance Bramble conducts Third Party Risk Management assessments of our third parties. Security Assessments are generally conducted by an organization who is intending to procure services from another organization. Bramble supports Security Assessments for customers by publishing and maintaining the Customer Assurance Package

Security Audit

A comprehensive examination of a Security program, Security Relevant System or Security Controls. Security Audits are more comprehensive than security assessments as they require access to trusted information. It is important to understand the scope and covered period of a Security Audit to correctly interpret results. Security Audits can be internal or external.

Internal Security Audit

A Security Audit conducted by personnel under the employment of the organization conducting the Audit. For example the Internal Audit Team and Security Compliance Team at Bramble conduct Internal Audits of Bramble’s Security Program.

External Security Audit

A Security Audit conducted by a contracted and independent 3rd party. For example when Bramble undergoes SOC2 audits and Penetration Testing from independent 3rd party auditors.