BD Emerson & Boxcore: Achieving SOC 2 Compliance

Boxcore needed to assure its customers that their data–often documents like worker training records and equipment inspection records–would be protected with a system that aligns with the highest level of global data security standards. Boxcore’s software provides users with a single location for them to eliminate double and triple handling of data as well as a platform where they can access safety data quickly. The challenges were multifaceted, encompassing the implementation of security controls across various domains, including business account management, endpoint management, and cloud security. The endeavor required a partner with deep expertise and a proven track record.

BD Emerson proposed a comprehensive strategy that provided a robust security overhaul for Boxcore. The collaboration began with BD Emerson expanding the security of Boxcore’s software by building additional security into Boxcore’s CI/CD (Continuous Integration/Continuous Deployment) and its codebase, adding security checks and controls to stages of the software development and deployment process to ensure that any vulnerabilities or issues are caught early and addressed before the software is deployed. Then, BD Emerson followed this same process with Boxcore’s application, implementing secure coding practices, code analysis tools, and application-level protections.

BD Emerson collaborated with Boxcore engineering to implement security controls into Boxcore’s cloud infrastructure, securing the deployment environment with secure configurations. Additionally, BD Emerson and Boxcore deployed new monitoring tools that gain a feedback loop for the new security controls. These controls were designed to be far more than compliance checkboxes, but at the same time, meet the standards of  SOC 2. Endpoint controls were integrated, employing endpoint protection software, access controls and regular security updates.

Lastly, BD Emerson’s solution included establishing Identity Access Management and conditional access policies, ensuring that only authorized users can access certain resources in Boxcore’s business environment, which made their access reliant upon their location and device security posture. These controls greatly enhanced Boxcore’s cybersecurity defenses, creating a robust and secure environment for developing, deploying, and servicing  Boxcore’s customers.

Boxcore chose BD Emerson’s partner Securily for continuous vulnerability management and pentesting. Through penetration testing Boxcore validated controls were in place throughout the infrastructure and application.The leadership team at Boxcore was not satisfied with stopping where the edge of compliance ended and the start of additional security began. Boxcore’s commitment to security, privacy, and compliance is on show through their commitment to a Zero Trust Architecture.

The collaboration between Boxcore and BD Emerson enabled Boxcore to achieve SOC 2 Type 1 within 30 days, significantly accelerating Boxcore’s path to achieving the standard of enterprise level security. 

This partnership has allowed Boxcore to further the trust of its existing customers in Boxcore’s ability to manage and store their data securely and has attracted new customers. Boxcore’s robust security posture distinguishes them as a leader among other construction management software providers, and their dedication to data security instills a sense of confidence in their existing customers.

The partnership between Boxcore and BD Emerson successfully guided Boxcore to achieve SOC 2 compliance, enhancing their software’s security infrastructure and data protection. Since achieving their Type 1 attestation, Boxcore has begun the monitoring window for their SOC 2 Type 2. This collaboration not only strengthened customer trust but also positioned Boxcore as a leader in the construction safety management software industry, attracting new clientele and fortifying their market presence.

"BD Emerson came highly recommended by the Vanta team in Ireland as a true leader in compliance and security. The entire team, from security engineers and compliance experts to privacy attorneys and analysts, displayed exceptional knowledge and professionalism. They were incredible to work with, making complex compliance tasks understandable and manageable. BD Emerson helped our new CTO gain a deep understanding of our security gaps and areas for performance optimization, which has been transformative for our application. 

Their unwavering support and thorough approach convinced us to become continuous customers of their vCISO services. BD Emerson didn’t just help us meet our compliance goals; they integrated security and privacy into the core of our operations. I highly recommend BD Emerson to anyone seeking SOC 2 or GDPR compliance, or simply looking to enhance their security team and boost customer trust in their product and services. Their dedication and expertise have been invaluable to our success."