Bazaarvoice is committed to maximizing the security of our systems and protecting your data from unauthorized access. This topic outlines the security guidelines that you and Bazaarvoice employees must follow to prevent security incidents.

Limitation of scope

Note: The guidelines in this topic do not apply to Bazaarvoice Workbench. While some of the guidelines outlined here are general security best practices, the topic is written specifically for the Bazaarvoice Portal, which enforces or will enforce the listed guidelines natively in its design.

Bazaarvoice is working to consolidate Workbench functionality within Portal, but for now, account administration for Portal users and solutions remains separate from account administration for Workbench users.

Bazaarvoice recommends you apply the same general principles for managing passwords and limiting account access in Workbench as in Portal.

Passwords

  • Users should use strong passwords. A strong password is at least 10 characters long, includes a mix of uppercase and lowercase letters, symbols, and numbers, and doesn’t rely solely on dictionary words or common substitutions, such as replacing an “o” with a “0” in “v0ice.”
  • Never share your password with another employee or contractor. If you need to provide account access to another person, have your account administrator create an account with the appropriate set of permissions for that person.
  • Bazaarvoice employees cannot email or message you a password to access your account. When you create an account or reset your password, you receive an email with a private link to configure your password.
  • Visit the Forgotten password page to reset your password.
    Note: You cannot reset your password more than once every two hours, and you cannot reuse any of your last 12 passwords.

User creation

  • After your account is provisioned, Bazaarvoice employees cannot create new users for you. You must work with the account administrator at your company to create new users.
  • Bazaarvoice recommends you limit account access to users with email addresses belonging to your company domain, such as jane.doe@yourCompany.com. Creating user accounts with personal email addresses, such as jane.doe@gmail.com, is strongly discouraged.

Account access

  • All users on your production environment must be approved employees or contractors at your company.
  • You cannot share user accounts. Each employee or contractor at your company must have a unique user account.
  • If you need to create a test user, create the user in your staging environment instead of your production environment.
  • Bazaarvoice employees cannot create users in your client account.
  • Bazaarvoice employees cannot use your user profile to log in to your client account.

In addition to the current guidelines on account access, Bazaarvoice is upgrading its systems to support the following security improvements:

  • Access to your client account is limited to a trained subset of Bazaarvoice employees. These employees have read-only access to your account to best assist you during troubleshooting.
  • Bazaarvoice employees cannot view personally identifiable information (PII).

Account administrators

  • Each client account must have at least one account administrator.
  • Limit account administrators to a small subset of your employees who have received appropriate training.
  • Refer to your profile page to view your current administrator.
  • To request a new account administrator, your company’s primary contact with Bazaarvoice must contact Bazaarvoice Client Care or your Bazaarvoice client success director.
  • Plan for the possibility that your account administrator leaves your company. You should have a trained backup or replacement to prevent account access delays.

Privacy managers

  • Privacy managers are users who can process Right to Access and Right to be Forgotten GDPR compliance requests on your account.
  • To request a new privacy manager account, your company’s primary contact with Bazaarvoice must contact Bazaarvoice Client Care or your Bazaarvoice client success director.
  • Bazaarvoice employees cannot process Right to Access or Right to be Forgotten GDPR compliance requests on your behalf.

Contractors

  • Contractors must have a unique user account for each Bazaarvoice client they service.

In addition to the current guidelines on contractor access, Bazaarvoice is upgrading its systems to support the following security improvement:

  • A contractor working for multiple Bazaarvoice clients cannot use the same user account to access all client instances they support.