B3 | Trust Center

Our Approach

Practical practices embedded in the platform to protect your data and keep it dependable—without the noise.

Secure by Default

Encryption in transit, strong access controls, and environment separation help safeguard your cloud data.

Validated & Monitored

Automated checks plus regular human review flag anomalies early and keep pipelines healthy.

Resilient Operations

Backups, change control, and alerting reduce risk and support quick recovery if issues arise.

Compliance & Standards

Security reviews go smoothly when things look familiar. We align our programme with recognised security, privacy and OT standards, and provide clear evidence during due diligence; policy excerpts, architecture notes and third-party reports are available on request.

SOC 2 Type II attestation for security, availability, confidentiality, and more.
ISO/IEC 27001 certification (ISMS), with cloud add-ons like 27017 / 27018 as applicable.
CSA STAR registry for cloud security assurance.
Privacy alignment: GDPR, CPRA/CCPA, PIPEDA (and Québec Law 25 if required).
Industrial/OT: ISA/IEC 62443 practices for IACS environments.
Identity: SSO (SAML 2.0), Azure AD, and MFA supported.
Logging: Signed audit trails; client access to security logs on request.

Items shown here reflect certifications/attestations achieved by B3 and regulatory alignments used during reviews. They are provided for information and do not, by themselves, confer certification or approval in your jurisdiction.

Partners

We meet customers where their stack already lives—including identity. We support SSO (SAML 2.0) with Azure AD and integrate with major clouds and plant-floor systems. Our ecosystem covers the usual suspects—hyperscale cloud, modern data stores, industrial gateways/edge compute (e.g., Intel-class devices), and the applications that move production along. We’ll tailor the final partner set to your requirements and procurement preferences.

Cloud & infra: Microsoft Azure, AWS, Google Cloud, HPE.
Hardware & edge: Intel and compatible industrial gateways.
Manufacturing apps & data connectors aligned to plant-floor systems.
Identity: Azure AD (Microsoft Entra ID) and SAML 2.0 providers.

Logos are for identification only and may be the property of their respective owners.

Responsible Disclosure

Security is a continuous, collaborative practice. If you believe you’ve found a vulnerability or weakness in our platform or any B3-managed asset, we welcome good-faith, responsible disclosure. Please share enough detail to help us reproduce the issue (affected URLs, steps, and impact). We’ll acknowledge receipt, triage, and keep you updated as we work toward a fix.

Security Checklist

Signed, timestamped audit logs of user actions.
Encryption in transit (TLS) and at rest (managed keys).
SSO (SAML 2.0), Azure AD, and MFA available.
Customer data isolated per tenant; least-privilege access.
Client access to security logs on request.
Scheduled penetration testing by arrangement.
Real-time facility monitoring with comprehensive logging.
Cyber insurance in place.
No third-party access to customer content.

Quick Answers

Signed audit trail of user actions? Yes.
Encryption at rest and in transit? Yes.
Client access to security logs? Yes.
SSO (SAML 2.0), Azure AD, MFA? Yes.
Mobile access supported? Yes.
Internet required? Yes.
GDPR-aligned? Yes.
Integrate our apps with our cloud provider? Yes.
Cyber insurance in place? Yes.

FAQ

Who can view customer data?

+

Authorised customer users and B3 operations only. Data is isolated per tenant with least-privilege access and audited activity.

Do you store PII on the platform?

+

No. We avoid storing personally identifiable information wherever possible. If limited identifiers are required (e.g., named accounts), they’re minimised and governed by contract and applicable privacy laws.

Do any third parties have access to customer data?

+

No. Hosting providers supply infrastructure but have no logical access to your content. Access to customer data is restricted to authorised B3 personnel under least-privilege controls.

Is additional software required to run B3?

+

No. B3 is delivered as a cloud service accessible via the web. Optional connectors for edge/plant integrations are provided as part of deployment when needed.

Do you monitor data centre access and platform access?

+

Yes. Physical access is controlled by the cloud provider with real-time monitoring and logs; B3 monitors platform and administrative access, with retained audit trails and periodic review.

Can customers schedule penetration tests of production or test environments?

+

Yes. We support customer-arranged tests under a coordinated window or in a designated test environment. Findings are triaged with remediation tracking.

Does B3 require internet access, and what if a plant has intermittent connectivity?

+

Yes—B3 is a cloud-hosted service. For sites with intermittent links, optional edge connectors can buffer locally and sync once connectivity is restored.