SECURITY AT BIZIMPLY

Enterprise-grade data protection

Maintaining the security, integrity, and confidentiality of your data is our top priority.


Frequently Asked Questions

Where are your servers located?

Our servers are hosted with Amazon Web Services (AWS) in data centres within the EU. For more information on AWS, see Amazon's own documentation.

Who has access to the servers?

Only authorised members of our team can access the servers. All employees are required to use a VPN when accessing the organisation's systems from any remote location.

What about physical security?

AWS infrastructure is housed in Amazon-controlled data centres around the world. The exact locations of these data centres are known only to those within Amazon who have a legitimate business need to know them.

Do we pen test?

We perform regular vulnerability scanning and penetration testing of our environments. This testing is carried out by an OSCP-certified professional.

Is the data encrypted?

Yes. All communications to and from the Bizimply application are encrypted in transit using TLS (commonly referred to as SSL) with 256-bit encryption, the same level of encryption used by online banks.

Is the data sharded?

Yes. Each customer's data is sharded (separated) into its own database partition, so one customer's data cannot overlap with, or compromise the integrity of, another customer's data.

What happens to photos taken on the iPad/Timestation?

Photographs are accessible only through the Timestation app. They are not saved to the camera roll or anywhere else on the device, and they are automatically deleted from the Timestation app within 28 days.

Where do I report a security concern?

You can report a security concern by emailing us at support@Bizimply.com

Within Bizimply, we secure your information in a number of ways:
 
Coding Guidelines and Checks
 
  • We enforce strong coding guidelines.
  • Ajax action endpoints reject requests that call them directly rather than through the application.
  • Server-side include files cannot be requested directly by URL.
  • Database query parameters are type-checked everywhere to defend against SQL injection.
  • URL and form parameters are type-checked everywhere to validate user requests and block malformed or malicious input.
  • All user-originated content is escaped on output to prevent cross-site scripting (XSS).
  • An integrated permission system prevents unauthorised access to objects.
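The two checks above that a reviewer most wants to see, type-checked parameterised queries and output escaping, as an added example. This is illustrative code written for this page, not Bizimply's own; the `employees` table, the tenant scoping by `company_id` and the injection payload are all constructed for the demonstration.

```python
import html
import sqlite3


def make_db():
    """Constructed in-memory sample data (hypothetical schema, not Bizimply's)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE employees (id INTEGER PRIMARY KEY, name TEXT, company_id INTEGER)"
    )
    conn.executemany(
        "INSERT INTO employees (name, company_id) VALUES (?, ?)",
        [("Alice", 1), ("Bob", 1), ("Carol", 2)],
    )
    return conn


def find_employee_unsafe(conn, company_id, name):
    """Vulnerable form: user input is pasted into the SQL text itself."""
    sql = (
        f"SELECT name FROM employees WHERE company_id = {company_id} "
        f"AND name = '{name}' ORDER BY name"
    )
    return [row[0] for row in conn.execute(sql)]


def find_employee_safe(conn, company_id, name):
    """Hardened form: type-check, then bind values as parameters.

    Bound parameters are sent separately from the query text, so no value can
    alter the query's structure; the type check rejects anything that is not
    the expected shape before it reaches the database at all.
    """
    if isinstance(company_id, bool) or not isinstance(company_id, int):
        raise TypeError("company_id must be an int")
    if not isinstance(name, str):
        raise TypeError("name must be a str")
    rows = conn.execute(
        "SELECT name FROM employees WHERE company_id = ? AND name = ? ORDER BY name",
        (company_id, name),
    )
    return [row[0] for row in rows]


def render_name(name):
    """Escape on output so user-controlled text is rendered, never interpreted, by the browser."""
    return f"<td>{html.escape(name)}</td>"


if __name__ == "__main__":
    db = make_db()
    payload = "x' OR '1'='1"          # constructed tenant-bypass payload
    print(find_employee_unsafe(db, 1, payload))   # every tenant's rows leak
    print(find_employee_safe(db, 1, payload))     # no rows: the payload is just a name
    print(render_name("<script>alert(1)</script>"))
```

The unsafe query turns the payload into `... AND name = 'x' OR '1'='1'`, which is true for every row and so returns the other tenant's data as well; the parameterised query compares the literal string and matches nothing.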
 
User Access
 
  • All login attempts, failed and successful, are logged.
  • Incorrect login attempts above a user-defined threshold lock the account for a period of time.
  • Changing a user's password automatically logs out every other session for that user.
  • Passwords are never sent via email.
 
Database
 
  • The database has character escaping turned off.
  • Passwords are stored as salted bcrypt hashes, so even with access to the database the plaintext passwords cannot be recovered.
  • Multi-statement SQL execution is disabled to limit the impact of SQL injection.
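The User Access controls (login auditing, lockout above a failure threshold, revoking other sessions on password change) and the Database password-storage bullet above, combined in one added example. It is illustrative code written for this page, not Bizimply's; the `AuthStore` class, its method names and the audit line format are hypothetical, and the password hash is PBKDF2-HMAC-SHA256 from the Python standard library, standing in for the bcrypt the page describes, which needs a third-party package.

```python
import hashlib
import hmac
import os
import secrets
import time


class AuthStore:
    """In-memory user store showing the login controls listed above (hypothetical)."""

    def __init__(self, max_failures=5, lockout_seconds=900, clock=time.time):
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self.clock = clock      # injectable so the lockout window can be exercised
        self.users = {}         # username -> record dict
        self.sessions = {}      # session token -> username
        self.audit = []         # one line per login attempt, success or failure

    @staticmethod
    def _hash(password, salt):
        # Slow, salted hash: a database dump alone does not reveal the password.
        # PBKDF2 here stands in for bcrypt; the property demonstrated is the same.
        return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)

    def _log(self, event, username):
        self.audit.append(f"{self.clock():.0f} {event} user={username}")

    def register(self, username, password):
        salt = os.urandom(16)
        self.users[username] = {
            "salt": salt,
            "hash": self._hash(password, salt),
            "failures": 0,
            "locked_until": 0.0,
        }

    def is_locked(self, username):
        user = self.users.get(username)
        return user is not None and self.clock() < user["locked_until"]

    def login(self, username, password):
        """Return a session token on success, None otherwise; always writes an audit line."""
        user = self.users.get(username)
        if user is None:
            self._log("LOGIN_FAIL reason=unknown-user", username)
            return None
        if self.is_locked(username):
            # Even the correct password is refused while the lock is in force.
            self._log("LOGIN_FAIL reason=locked", username)
            return None
        candidate = self._hash(password, user["salt"])
        if hmac.compare_digest(user["hash"], candidate):   # constant-time compare
            user["failures"] = 0
            token = secrets.token_urlsafe(32)
            self.sessions[token] = username
            self._log("LOGIN_OK", username)
            return token
        user["failures"] += 1
        if user["failures"] >= self.max_failures:
            user["locked_until"] = self.clock() + self.lockout_seconds
            user["failures"] = 0
            self._log(f"ACCOUNT_LOCKED seconds={self.lockout_seconds}", username)
        self._log("LOGIN_FAIL reason=bad-password", username)
        return None

    def change_password(self, token, new_password):
        """Re-hash with a fresh salt and revoke every other session of this user."""
        username = self.sessions.get(token)
        if username is None:
            raise PermissionError("no valid session")
        user = self.users[username]
        user["salt"] = os.urandom(16)
        user["hash"] = self._hash(new_password, user["salt"])
        for other, owner in list(self.sessions.items()):
            if owner == username and other != token:
                del self.sessions[other]
        self._log("PASSWORD_CHANGED other-sessions-revoked", username)
```

The caller's own session survives the password change, so the user is not logged out of the browser they changed it from; everything else that was logged in as that user is dropped, which is what closes out a session an attacker may already hold.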
 
Server Setup
 
  • Error reports are automatically emailed to developers, which also surfaces attack attempts.
  • TLS (SSL) is used for all logins and is available as an option for any account using a custom domain.
  • Policies include routine rotation of server access passwords.
  • All OS and middleware security updates are applied and routinely checked.
  • All unnecessary services are disabled.
  • Strong passwords, two-factor authentication (2FA) and IP restrictions are used.
  • Debugging is available only from registered IP addresses.
  • Execute permissions are disabled on the web folder so that uploaded files cannot be executed.
  • Pending files are stored in a non-web-accessible location before being transferred to Amazon S3.
 
Hosting
 
  • Servers are in a highly secure location.
  • Access to servers is limited to a few people.
  • A firewall blocks access from unauthorised locations; only port 80 (HTTP), port 443 (HTTPS/TLS) and port 8840 (WebSocket) are reachable publicly.
 
Testing and Awareness
 
  • We monitor general Internet security threats and ensure all updates and hot fixes are promptly applied.
  • We use a number of scripts and tools, such as SQL Power Injector, to test our interfaces.
  • The QA team runs an API regression test suite.
