Collect requests, collaborate with stakeholders, and manage approvals
Create bids, invite vendors, and get results quickly
Engage internal collaborators to score RFx projects
Stay on top of milestones and vendor performance
Access award-winning coaching and support
Bonfire achieved SOC2 Type I certification in August 2020 and is in the monitoring process towards achieving Type II.
System and Organization Controls (SOC) 2 is a comprehensive reporting framework put forth by the American Institute of Certified Public Accountants (AICPA) in which independent, third-party auditors (i.e., CPA’s) for an assessment and subsequent testing of controls relating to the Trust Services Criteria (TSC) of Security, Availability, Processing Integrity, Confidentiality or Privacy.
Bonfire is committed to helping our users understand the rights and obligations under the General Data Protection Regulation (GDPR).
We have introduced processes to ensure our compliance with requirements imposed by the GDPR and to help our customers comply as well.
To learn more about our GDPR compliance, please read our Privacy Policy.
Bonfire follows privacy laws established by the Government of Canada.
To learn more about the steps we take to protect your privacy, please read our Privacy Policy.
Starting in 2015, we’ve focused on delivering an experience that meets compliance as laid out in the Web Content Accessibility Guidelines (WCAG) 2.0 Level A. Leading up to 2021, we are committed to meeting WCAG 2.0 Level AA in order to better support a wide range of persons with disabilities and meet additional compliance requirements in accordance with ADA and AODA Compliance requirements.
See more at www.gobonfire.com/accessibility
We use industry-standard technologies and service providers using only the highest protection, configuration, and encryption standards to keep customer data secure at all times. We design, develop, and maintain our systems and applications following industry standards and best practices from CIS, NIST, and OWASP.
Bonfire uses a Tier 1 cloud provider to run our operations. We use Amazon Web Services (AWS) data centers that have been certified for ISO, PCI, SOC, CSA, FedRAMP, FIPS, NIST, PIPEDA, and more.
Learn more about AWS Security:
AWS Data Center Certifications AWS Data Center Security Controls AWS Security Whitepaper
All communication with the Bonfire portal and APIs are encrypted while in-transit using industry-standard HTTPS/TLS (TLS 1.2 or higher) over the Internet, ensuring that all traffic between you and Bonfire is secure during transit.
All customer data is encrypted at rest in AWS using AES-256 encryption.
Based on the location and jurisdiction of your company, Bonfire stores your data within the US, Canada, or EU data regions.
You own your data and retain all rights, title, and interest in the data you store in Bonfire.
All customer data stored with Bonfire is replicated and backed up on a continual basis. We test our backup and recovery processes to ensure that we can recover your data in the event of a disaster.
Bonfire continuously monitors our application and infrastructure load and performance. In the event of an application error, our technical team is notified automatically (both for server-generated errors and client-generated errors). Logs are processed and stored using a centralized log management system.
All Bonfire employees receive security awareness fundamentals training upon hire and annually thereafter. Developers also receive secure coding training to identify and defend against common coding errors and security threats.
If you have a question or think you have found a vulnerability within Bonfire, please get in touch with your sales or support representative.
Please note, Bonfire does not permit unsolicited security testing against our sites or services.