Trust Center

Bottle Rocket ensures that security is embedded into all that we do. Our culture prioritizes safeguarding your data. Learn how we’re continuously enhancing data security for everyone.

Our Commitment

“Bottle Rocket will protect the confidentiality, integrity, and availability of its IT systems, services, applications, and data – whether on premises or in the cloud by collaborating with the business to manage IT security risks, threats, vulnerabilities, incidents and limit the negative impact to the company, in support of the business needs.”

Bottle Rocket Security Highlights

Security Culture

Operational Security

Technology

Data Access & Restrictions

Compliance Certifications

We are excited and proud to announce Bottle Rocket has achieved SOC 2 Type 1 Certification.

A SOC 2 Type 1 audit was conducted to assess and report on the design and implementation of controls within our systems and processes. The purpose of this audit was to evaluate the trustworthiness and security of service providers that handle sensitive data for our clients. SOC 2 stands for Service Organization Control 2, which is a set of criteria established by the American Institute of Certified Public Accountants (AICPA) to ensure the security, availability, processing integrity, confidentiality, and privacy of data.

SOC Trust Services Criteria

Our Security Documentation

Hover over the images below for additional details on each document’s content. Need access to specific documents? A signed NDA is required.

Information Security Policy

The Information Security Policy sets forth rules and processes for Rocketeers as the standard around acceptable use of Bottle Rocket’s information technology, including networks, and applications to protect data confidentiality, integrity, and availability.

This policy designed specifically for Bottle Rocket is in alignment the Information Security at Ogilvy and the WPP Data Privacy and Security Charter, and builds upon standards set by our parent organization

Information Security White Paper

The Information Security White Paper is to be used to inform external parties about the Bottle Rocket’s security culture, policies, and systems along with our ongoing efforts to continually improve protection for our clients.

SOC 2 Type 1 Audit Report

A SOC 2 Type 1 audit was conducted for BR to assess and report on the design and implementation of controls within BR’s systems and processes. The purpose of this audit is to evaluate the trustworthiness and security of service providers that handle sensitive data for our clients. SOC 2 stands for Service Organization Control 2, which is a set of criteria established by the American Institute of Certified Public Accountants (AICPA) to ensure the security, availability, processing integrity, confidentiality, and privacy of data.

Asset Management Standard

This ITAM Standard was designed to support the Bottle Rocket IT Asset Management Policy through implementation of standards-based processes using a risk-based approach.

Asset Management Policy

The Bottle Rocket IT Asset Management Policy provides guidance for implementation of a systematic approach to aid in the identification, documentation, and governance of physical and information assets and supports the Bottle Rocket IT Security Policy.

Data Classification Standard

The purpose of this data classification standard is to provide a system for protecting Bottle Rocket’s information that is critical to the organization. The standard divides data into three classifications: Restricted Confidential, Confidential, and Public.

Incident Response Plan

The purpose of this document is to provide Bottle Rocket with a standard process for the identification, assessment, and management of security incidents. In general, a security incident is a violation of Bottle Rocket’s information security policies, acceptable use policies, or standard information security practices

Identity & Access Management Standard

This standard specifies requirements for Identity and Access Management (IAM) controls required to protect the confidentiality, integrity, and availability of Bottle Rocket’s information assets, and electronic information belonging or pertaining to third parties, from unauthorized access, use, modification, or destruction.

Risk Management Standard

This Standard defines specific processes to implement to ensure Bottle Rocket successfully manages the organization within acceptable risk appetite thresholds. This Standard was developed to support the Bottle Rocket Risk Management Policy. The objective of this Standard is a consistent and effective approach for identification, categorization, assessment, treatment, reporting, and monitoring of risk.

Risk Management Policy

This policy defines how Bottle Rocket will manage information and application security risks. The policy and the supporting guidance establish Bottle Rocket’s underlying approach to risk management by clarifying the roles and responsibilities of staff. It aims to support those staff with particular involvement in anticipating, assessing and managing risks so that they can make timely and well-founded risk-informed decisions.

Software Design Life Cycle

This plan, which includes supporting policy and proceed guidance, is designed to provide team members with a documented and formalized Agile Software Development Life Cycle approach that can be adhered to and utilized throughout Bottle Rocket. Compliance with this plan helps ensure the safety and security of information resources.

Vendor Risk Management Plan

Bottle Rocket recognizes the need to utilize external vendors to perform various information technology related services. To ensure the security of Bottle Rocket’s information and assets, a Vendor Risk Management (VRM) Program must be implemented providing direction to vendors, customers, and the use of third-party or open-source software for cybersecurity and privacy requirements that are in accordance with our security requirements, as well as relevant laws and other legal obligations.

Change Control Standard

The purpose of this policy is to establish high-level objectives for change management and project management control. This policy will ensure the implementation of change management and control strategies to reduce associated risks of disrupting Bottle Rocket business operations.

Physical Access Control Standard

The purpose of this Physical Access Control Standard is to demonstrate access to Bottle Rocket’s facilities and assets is limited to authorized individuals and shall be protected from malicious activity.

Security Awareness Training Policy

Request Access

Please complete in order to gain access to the security documentation that Bottle Rocket provides.

our philosophy on data usage

Bottle Rocket clients own their data, not Bottle Rocket. The data that clients put into our systems is theirs, and we do not scan it for advertisements, nor do we sell it to third parties. Bottle Rocket will not process data for any purpose other than to fulfill our contractual obligations. Furthermore, if customers delete their data, we commit to deleting it from our systems within 180 days.