SECURITY AT BIZIMPLY
Enterprise-grade
data protection
Maintaining the security, integrity, and confidentiality of your data is our top priority.
Enterprise-grade
Bizimply Security and Data Privacy
At Bizimply, we take security very seriously. We have worked hard to develop a strong corporate culture, centred around security. This culture starts at the top with senior management and encompasses all staff members. Each year we actively invest in a continuous improvement program, designed to not only maintain but improve our overall security posture. In 2017, as part of this commitment to security best practices, we deployed an Information Security Management System (ISMS) based on the recommendations of ISO27001:2013, including risk management, business continuity, incident management, physical security, security awareness training and much more. We have engaged a qualified ISO Auditor to work with us on alignment steps, to ensure our company’s activities are focused in the correct areas.
Privacy by design
Privacy by design and privacy by default are concepts entrenched in Bizimply Services. In addition, because we recognise that the GDPR is a critical business priority for our customers, Bizimply continues to work closely with the guidance provided by the EU supervisory authorities in relation to GDPR. This helps us to ensure our compliance program remains up-to-date.
Policies
At Bizimply we have a comprehensive library of security policies which all of our staff have been trained in. These include acceptable use policies, hardening standards, coding standards, access control, change management, incident response, Business Continuity Planning, patching etc.
Procedures & Practices
We have a comprehensive array of Information Security controls, including asset management, access control systems and other detective, preventative, deterrent and recovery controls. We retain our transaction logs as long as necessary to be able to oversee these controls. Our recovery controls make sure that we maintain production environments for our clients in the event of an unscheduled outage. We use CIS controls and CIS benchmark for our infrastructure to provide a global standard towards our internet security.
Governance
Security is taken seriously by our senior management, who perform the information security governance to oversee the cybersecurity / infrastructure teams responsible for mitigating business risk.
Encryption
- Encryption of Data in Transit (Network Security)
Users access Bizimply via the internet. This access is protected by Transport Layer Security (TLS). This secures network traffic from passive eavesdropping, active tampering, and forgery of messages.
- Encryption of Data at Rest (Database Security)
Data is encrypted at rest using Advanced Encryption Standard (AES) algorithm with a key size of 256 bits. In addition, the keys to access that data are managed through AWS Key Management Service (KMS).
External Audits
The operations, policies, and procedures at Bizimply are audited regularly to ensure that Bizimply meets and exceeds all standards expected of service providers. We perform annual vulnerability and penetration testing of our environments. This is performed by external qualified penetration testing professionals. OSCP certification is required of our testers to ensure competence.
Back-Ups
Bizimply runs encrypted backups every 6 hours. We keep a backup snapshot of our database for 35 days thereafter.
Remote Work
Remote working has rapidly become a way of life for many in 2020. In Bizimply, we already had secure facilities, enabling our employees to work and support our infrastructure from their home locations.
Authentication
Bizimply has built-in controls to strengthen our application’s authentication and prevent unauthorised access. For example, user account can have a strong password policy enforced by default.
Authorization
Bizimply application enforces Role-Based Security for authorisation. Different roles and permissions can be set up for administrative, management, HR, payroll and general employees. Each role can be designed to only grant the appropriate level of access based on the security principles of “Least Privilege”.
You can report a security concern or question by emailing us at [email protected].
