To continuously improve our security, we use the ESMA guidelines to measure the maturity of our security programs.
Our team relies on the ISO 27001 and ISO 27002 standards for managing information system security, the provision of hosted services and SaaS applications, and the provision of services to all customers.
Security Education and Awareness
At B4finance, we consider our employees to be a critical line of defence in protecting and securing our company and customers’ data. We have a dedicated training program that drives the awareness, engagement, and education of our employees around security best practices and security feature adoption across our company.
In addition to our security awareness program, we review and update security policies and standards annually.
We use multi-factor authentication, a strong password policy, and session expiration time-outs for all user access.
Access rights are determined by a system of roles. Our system enforces a strict authorisation flow on all data access points (front users, API, etc.). Users are restricted from accessing data when they don’t have the right to do so.
Data Center Security
Customers’ data is hosted at selected Tier3+ infrastructure cloud service providers, depending on the service and region.
All facilities are strategically positioned across various geographic locations, with a high level of redundancy.
The certification, risk analyses, and safety information of our infrastructure providers are available on request from the technical support team.
B4finance infrastructure and applications are architected to achieve a high level of business continuity, which includes disaster recovery and high availability.
All databases and document storage systems are backed up daily.
Managing System and Application Updates
Critical security updates are first deployed to a qualifying environment when they are made available, and are then deployed to all environments if no anomalies have been identified during the validation phase.
All data transmitted to our system from front-end clients is encrypted using HTTPS and SSL. Our client data and critical infrastructure configurations are encrypted using AES 256-bit.
Access Monitoring and Audit Trail
We use strong audit mechanisms for platform access (logging, log forwarding, log analysis), as well as user action logs in the platform.
At B4Finance, we rigorously evaluate our security posture by testing our security controls and processes on a regular basis. We scan for vulnerabilities and conduct penetration tests across all environments.