Skip to main content

Security Statement


Black Mountain Software (BMS) values the trust you place in us. We take our responsibility of protection seriously and strive to achieve the best possible practices in providing a safe and secure experience.

Security Procedures

BMS security policies and procedures are routinely reviewed and updated. Proactive and preventative measures are applied as part of our regular duties, as well as emergency response strategies. Our engineering team is actively aware of newly reported threats, discovered through internal or external sources, and takes immediate action to mitigate any negative ramifications. Every effort is made to apply critical patches as soon as possible.

Remote Safety

BMS Cloud servers prevent any connection from users that have not been properly verified in our system. Connections are established with a secure and encrypted connection. Our servers are hosted by a service provider with industry leading qualifications in security, reliability, and responsiveness. BMS Cloud servers leverage multiple safeguards of protection to ensure the safest experience we can provide.


Our security focused engineers routinely monitor reports of access to our BMS Cloud servers. Our monitoring includes automated alerts as well as personal scrutiny by our professional staff. BMS engineers vigilantly watch for suspicious activity and pursue investigations when necessary.


BMS Cloud servers maintain scheduled nightly backups of client resources. The structure of our backup protection is robust, with preventative measures in place that can withstand emergency situations and still have quality backups available. BMS takes advantage of reliable, proven technologies to guarantee the safety of our client data. We constantly assess the most optimal means of securing and maintaining backups.


Security focused engineers are professionally trained to respond to events as immediately as possible. BMS engineering undertakes frequent emergency response practice scenarios, following with industry best practices, to safeguard that genuine emergencies are dealt efficiently and effectively.

Protection Verification

We are pleased to announce that the BMS Cloud Hosted Applications are officially SOC 2 Type 1 certified! This achievement verifies, through an independent third-party, that we are working hard to keep your data secure. Your trust is important to us and we will continue to invest in our cybersecurity systems to face the ever-changing threat landscape.

What is SOC 2 and why is it important?
System and Organization Controls (SOC) 2 is an attestation of security defined by the American Institute of Certified Public Accountants (AICPA) and is considered the standard for ensuring data security and operational maturity. During the audit the auditor validates that we design and maintain control activities against the Trust Services Criteria (TSC) for Security. A copy of BMS’s SOC 2 Type 1 report is available to current and potential clients under NDA upon request.

BMS enlists external security investigations to analyze the protections we have in place. We meet the highest standards of safety, verified by experts in the security community. While we regularly conduct internal assessments of our own systems, we appreciate and respect the perspective and authenticity an outside investigation can provide. For further information, please refer to our Letter of Attestation or log4j Letter of Attestation.

Physical Security

BMS servers are hosted within professionally observed world class data centers. Physical access to data centers is granted on the principle of least privilege, logging and monitoring all accepted requests. Physical protections also include 24×7 logged CCTV recordings, data center entry points manned by authorized security staff, and automated intrusion detection at every ingress and egress point to the server rooms.