At The Bot Platform we take security and compliance incredibly seriously, so we've compiled the following tips to help you keep your bots as InfoSec compliant as possible.
Best InfoSec Practices for Admins
• Always defer to your company’s InfoSec policies and requirements.
• Be intentional with who you delegate as an Admin, as they can access and edit all organisation's bots and users Ensure that as the occasional bot builder leaves your company, their bots are transferred to an appropriate team member and that their account is deleted from The Bot Platform.
• Similarly, if someone is still an employee, but no longer need access to The Bot Platform, consider deleting their account.
Best InfoSec Practices for Bot Builders
• Always defer to your company’s InfoSec policies and requirements.
• Be transparent with users whether a bot is anonymous or not.
• Ensure that you only collect the data that you need, and advise users how their responses will be handled.
• If sharing your bot with another bot builder, use discretion when granting them permission to download the user data from a bot (the values collected against attributes).
• You can choose whether this access also includes personal profile data. Ensure that you thoroughly test your bot flow prior to broadcasting.
• When broadcasting, double check that you’re sending it to the appropriate audience.
• When configuring the content of your messages, make sure they are carefully crafted and do not include un-intended sensitive or personal information.