SECURITY AT BIZIMPLY
Enterprise grade
data protection
Maintaining the security, integrity, and confidentiality of your data is our top priority.
Bizimply Security and Data Privacy
At Bizimply, our commitment to security is paramount. We diligently cultivate a robust corporate culture that places security at its core. Beginning with senior management and extending across all staff members, this culture underscores our unwavering dedication to safeguarding sensitive information. Annually, we proactively invest in a dynamic continuous improvement program, meticulously crafted to not only sustain but enhance our overall security.
We’re proud to have earned our ISO 27001 compliance certification.
Privacy by design
Privacy by design and privacy by default are concepts entrenched in Bizimply Services. In addition, because we recognise that the GDPR is a critical business priority for our customers, Bizimply continues to work closely with the guidance provided by the EU supervisory authorities in relation to GDPR. This helps us to ensure our compliance program remains up-to-date.
Policies
At Bizimply we have a comprehensive library of security policies which all of our staff have been trained in. These include acceptable use policies, hardening standards, coding standards, access control, change management, incident response, Business Continuity Planning, patching etc.
Procedures & Practices
We have a comprehensive array of Information Security controls, including asset management, access control systems and other detective, preventative, deterrent and recovery controls. We retain our transaction logs as long as necessary to be able to oversee these controls. Our recovery controls make sure that we maintain production environments for our clients in the event of an unscheduled outage. We use CIS controls and CIS benchmark for our infrastructure to provide a global standard towards our internet security.
Governance
Security is taken seriously by our senior management, who perform the information security governance to oversee the cybersecurity / infrastructure teams responsible for mitigating business risk.
Encryption
- Encryption of Data in Transit (Network Security)
Users access Bizimply via the internet. This access is protected by Transport Layer Security (TLS). This secures network traffic from passive eavesdropping, active tampering, and forgery of messages.
- Encryption of Data at Rest (Database Security)
Data is encrypted at rest using Advanced Encryption Standard (AES) algorithm with a key size of 256 bits. In addition, the keys to access that data are managed through AWS Key Management Service (KMS).
External Audits
The operations, policies, and procedures at Bizimply are audited regularly to ensure that Bizimply meets and exceeds all standards expected of service providers. We perform annual vulnerability and penetration testing of our environments. This is performed by external qualified penetration testing professionals. OSCP certification is required of our testers to ensure competence.
Back-Ups
Bizimply runs encrypted backups every 6 hours. We keep a backup snapshot of our database for 35 days thereafter.
Remote Work
Remote working has rapidly become a way of life for many in 2020. In Bizimply, we already had secure facilities, enabling our employees to work and support our infrastructure from their home locations.
Authentication
Bizimply has built-in controls to strengthen our application’s authentication and prevent unauthorised access. For example, user account can have a strong password policy enforced by default.
Authorization
Bizimply application enforces Role-Based Security for authorisation. Different roles and permissions can be set up for administrative, management, HR, payroll and general employees. Each role can be designed to only grant the appropriate level of access based on the security principles of “Least Privilege”.
You can report a security concern or question by emailing us at [email protected].