“Bottle Rocket will protect the confidentiality, integrity, and availability of its IT systems, services, applications, and data – whether on premises or in the cloud by collaborating with the business to manage IT security risks, threats, vulnerabilities, incidents and limit the negative impact to the company, in support of the business needs.”
A SOC 2 Type 1 audit was conducted to assess and report on the design and implementation of controls within our systems and processes. The purpose of this audit was to evaluate the trustworthiness and security of service providers that handle sensitive data for our clients. SOC 2 stands for Service Organization Control 2, which is a set of criteria established by the American Institute of Certified Public Accountants (AICPA) to ensure the security, availability, processing integrity, confidentiality, and privacy of data.
Hover over the images below for additional details on each document’s content. Need access to specific documents? A signed NDA is required.
The Information Security Policy sets forth rules and processes for Rocketeers as the standard around acceptable use of Bottle Rocket's information technology, including networks, and applications to protect data confidentiality, integrity, and availability.
This policy designed specifically for Bottle Rocket is in alignment the Information Security at Ogilvy and the WPP Data Privacy and Security Charter, and builds upon standards set by our parent organization
The Information Security White Paper is to be used to inform external parties about the Bottle Rocket's security culture, policies, and systems along with our ongoing efforts to continually improve protection for our clients.
A SOC 2 Type 1 audit was conducted for BR to assess and report on the design and implementation of controls within BR's systems and processes. The purpose of this audit is to evaluate the trustworthiness and security of service providers that handle sensitive data for our clients. SOC 2 stands for Service Organization Control 2, which is a set of criteria established by the American Institute of Certified Public Accountants (AICPA) to ensure the security, availability, processing integrity, confidentiality, and privacy of data.
This ITAM Standard was designed to support the Bottle Rocket IT Asset Management Policy through implementation of standards-based processes using a risk-based approach.
The Bottle Rocket IT Asset Management Policy provides guidance for implementation of a systematic approach to aid in the identification, documentation, and governance of physical and information assets and supports the Bottle Rocket IT Security Policy.
The purpose of this data classification standard is to provide a system for protecting Bottle Rocket’s information that is critical to the organization. The standard divides data into three classifications: Restricted Confidential, Confidential, and Public.
The purpose of this document is to provide Bottle Rocket with a standard process for the identification, assessment, and management of security incidents. In general, a security incident is a violation of Bottle Rocket’s information security policies, acceptable use policies, or standard information security practices
This standard specifies requirements for Identity and Access Management (IAM) controls required to protect the confidentiality, integrity, and availability of Bottle Rocket’s information assets, and electronic information belonging or pertaining to third parties, from unauthorized access, use, modification, or destruction.
This Standard defines specific processes to implement to ensure Bottle Rocket successfully manages the organization within acceptable risk appetite thresholds. This Standard was developed to support the Bottle Rocket Risk Management Policy. The objective of this Standard is a consistent and effective approach for identification, categorization, assessment, treatment, reporting, and monitoring of risk.
This policy defines how Bottle Rocket will manage information and application security risks. The policy and the supporting guidance establish Bottle Rocket’s underlying approach to risk management by clarifying the roles and responsibilities of staff. It aims to support those staff with particular involvement in anticipating, assessing and managing risks so that they can make timely and well-founded risk-informed decisions.
This plan, which includes supporting policy and proceed guidance, is designed to provide team members with a documented and formalized Agile Software Development Life Cycle approach that can be adhered to and utilized throughout Bottle Rocket. Compliance with this plan helps ensure the safety and security of information resources.
Bottle Rocket recognizes the need to utilize external vendors to perform various information technology related services. To ensure the security of Bottle Rocket’s information and assets, a Vendor Risk Management (VRM) Program must be implemented providing direction to vendors, customers, and the use of third-party or open-source software for cybersecurity and privacy requirements that are in accordance with our security requirements, as well as relevant laws and other legal obligations.
The purpose of this policy is to establish high-level objectives for change management and project management control. This policy will ensure the implementation of change management and control strategies to reduce associated risks of disrupting Bottle Rocket business operations.
The purpose of this Physical Access Control Standard is to demonstrate access to Bottle Rocket’s facilities and assets is limited to authorized individuals and shall be protected from malicious activity.
The purpose of this policy is to establish high-level objectives for change management and project management control. This policy will ensure the implementation of change management and control strategies to reduce associated risks of disrupting Bottle Rocket business operations.
Bottle Rocket clients own their data, not Bottle Rocket. The data that clients put into our systems is theirs, and we do not scan it for advertisements, nor do we sell it to third parties. Bottle Rocket will not process data for any purpose other than to fulfill our contractual obligations. Furthermore, if customers delete their data, we commit to deleting it from our systems within 180 days.
Please complete in order to gain access to the security documentation that Bottle Rocket provides.