Security guidelines
Bazaarvoice is committed to maximizing the security of our systems and protecting your data from unauthorized access. This topic outlines the security guidelines that you and Bazaarvoice employees must follow to prevent security incidents.
Note: The guidelines on this page are specific to the Bazaarvoice Portal. However, the general principles and best practices outlined are also applicable to account administrators who manage Workbench roles and permissions.
Passwords
- Users should use strong passwords. A strong password is at least 10 characters in length, includes a mix of uppercase and lowercase letters, symbols, and numbers, and doesn’t solely rely on dictionary words or common substitutions, such as replacing an “o” with a “0” in “v0ice.”
- Never share your password with another employee or contractor. If you need to provide account access to another person, have your account administrator create an account with the appropriate set of permissions for that person.
- Bazaarvoice employees cannot email or message you a password to access your account. When you create an account or reset your password, you receive an email with a private link to configure your password.
- Visit the Forgotten password page to reset your password.
Note: You cannot reset your password more than once every two hours, and you cannot reuse any of your last 12 passwords.
User creation
- After your account is provisioned, Bazaarvoice employees cannot create new users for you. You must work with the account administrator at your company to create new users.
- Bazaarvoice recommends you limit account access to users with email addresses belonging to your company domain, such as jane.doe@yourCompany.com. Creating user accounts with personal email addresses, such as jane.doe@gmail.com, is strongly discouraged.
Account access
- All users on your production environment must be approved employees or contractors at your company.
- Each employee or contractor at your company should have a unique user account. Sharing user accounts can cause issues with access, setup, and accountability.
Note: A contractor working for multiple Bazaarvoice clients should use separate user accounts for each client instance.
- If you need to create a test user, create the user in your staging environment instead of your production environment.
- Bazaarvoice employees cannot create users in your client account.
- Bazaarvoice employees cannot use your user profile to sign in to your client account.
- Access to your client account is limited to a trained subset of Bazaarvoice employees. These employees have read-only access to your account to best assist you during troubleshooting.
- Bazaarvoice employees cannot view personally identifiable information (PII).
Account administrators
- Each client account must have at least one account administrator.
- Limit account administrators to a small subset of your employees who have received appropriate training.
- Refer to your profile page to view your current administrator.
- To request a new account administrator, your company’s primary contact with Bazaarvoice must contact Bazaarvoice Support or your Bazaarvoice client success director.
- Consider the possibility that your account administrator leaves your company. You should have a trained backup or replacement to prevent account access delays.
Privacy managers
- Privacy managers are users that can process Right to Access and Right to be Forgotten GDPR compliance requests on your account.
- To request a new privacy manager account, your company’s primary contact with Bazaarvoice must contact Bazaarvoice Support or your Bazaarvoice client success director.
- Bazaarvoice employees cannot process Right to Access or Right to be Forgotten GDPR compliance requests on your behalf.