Security and Privacy
at Bisan Systems Ltd.
We implement robust cyber-security measures, including role-based access, strong encryption, two-factor authentication, and user-defined controls for data entry, document printing, electronic signatures, and third-party login options, ensuring comprehensive protection of sensitive information.
Governance
Bisan Systems’ Security and Privacy teams establish policies and controls, monitor compliance with those controls, and prove our security and compliance to third-party auditors.
- Access should be limited to only those with a legitimate business need and granted based on the principle of least privilege.
- Security controls should be implemented and layered according to the principle of defense-in-depth.
- Security controls should be applied consistently across all areas of the enterprise.
- The implementation of controls should be iterative, continuously maturing across the dimensions of improved effectiveness, increased auditability, and decreased friction.
SOC 2 Compliance and Type II Attestation at Bisan Systems Ltd.
Bisan Systems is SOC 2 Type II compliant. We have completed our audit for Type II Attestation. You can find the Trust Center information and our commitment to continued security and data privacy.
Data protection
Data Encryption
Bisan Systems uses TLS 1.2 or higher everywhere data is transmitted over potentially insecure networks. We also use SSL/TLS, IPsec and SSH to encrypt data in transit. When data is moved outside AWS, the SSH protocol is used.
Secret management
Bisan Systems uses GnuPG (GPG) with 2048-bit RSA encryption keys to encrypt customer database backups. The keys are stored on Google Drive and are accessible only to key technical employees.
The Bisan SSL certificate keystore used for Java applications also uses a 2048-bit RSA key. It is stored in the Java application folder and has strictly limited access.
Product Security
Bisan Systems requires static analysis (SAST) testing of code during pull requests and on an ongoing basis.
Bisan Systems undergoes network vulnerability scanning on an ongoing basis using AWS Inspector. In addition, AWS GuardDuty provides intrusion detection for all AWS instances to discover external attacks.
Enterprise Security
Endpoint Protection
All corporate devices are centrally managed and are equipped with Sophos Endpoint protection. Endpoint security alerts are monitored with 24/7/365 coverage.
We utilize Vanta to monitor screen lock configuration.
Secure Remote Access
Bisan Systems secures remote access to internal resources using FortiClient VPN on each machine. We also use the malware-blocking Sophos Endpoint Agent to protect employees and their endpoints while browsing the internet.
Security Education
Bisan Systems provides comprehensive security training to all employees upon onboarding and annually through educational modules within Vanta's platform. In addition, all new employees attend a mandatory live onboarding session centered around key security principles. All new engineers also attend a mandatory live onboarding session focused on secure coding principles and practices.
Bisan Systems’ security team shares regular threat briefings with employees to inform them of important security and safety-related updates that require special attention or action.
Identity and Access Management
Bisan Systems controls physical access through individualized RFID access control devices.
Bisan Systems employees are granted access to applications according to their role and the principle of least privilege, and are automatically deprovisioned upon termination of their employment. Further access must be approved according to the policies set for each application.
Vendor Security
Bisan Systems takes a risk-based approach to suppliers and the technology supply chain. Where warranted, agreements with suppliers shall include requirements to address the relevant information security risks associated with information and communications technology services and the product supply chain.
Factors which influence the inherent risk rating of a vendor include:
Once the inherent risk rating has been determined, the security of the vendor is evaluated to determine a residual risk rating and an approval decision for the vendor.
Privacy Policy
At Bisan Systems Ltd., accessible from https://www.bisan.com, one of our main priorities is the privacy of our visitors. This Privacy Policy document contains types of information that are collected and recorded by Bisan Systems Ltd. and how we use it.
If you have additional questions or require more information about our Privacy Policy, do not hesitate to contact us.
This Privacy Policy applies only to our online activities and is valid for visitors to our website with regard to the information that they shared with and/or collected by Bisan Systems. This policy is not applicable to any information collected offline or via channels other than this website.
Consent
By using our website, you hereby consent to our Privacy Policy and agree to its terms.
Information we collect
The personal information that you are asked to provide, and the reasons why you are asked to provide it, will be made clear to you at the point we ask you to provide your personal information.
If you contact us directly, we may receive additional information about you such as your name, email address, phone number, the contents of the message and/or attachments you may send to us, and any other information you may choose to provide.
When you register for an Account, we may ask for your contact information such as name, company/organization name, address, email addresses, and telephone and mobile numbers, in addition to contact information about users of your account. We may also ask for proof of the company/organization registration and proof of authorization to sign on behalf of the company/organization.
How we use your information
We use the information we collect in various ways, including to:
- Provide, operate, and maintain our website
- Improve, personalize, and expand our website
- Understand and analyze how you use our website
- Develop new products, services, features, and functionality
- Communicate with you, including for customer service to provide you with updates and other information relating to the website, and for marketing and promotional purposes
- Send you emails and messages
- Find and prevent fraud
Log Files
Bisan Systems Ltd. follows a standard procedure of using log files. These files log visitors when they visit websites. All hosting companies do this as a part of hosting services' analytics. The information collected by log files includes internet protocol (IP) addresses, browser type, Internet Service Provider (ISP), date and time stamp, referring/exit pages, and possibly the number of clicks. These are not linked to any information that is personally identifiable. The purpose of the information is for analyzing trends, administering the site, tracking users' movement on the website, and gathering demographic information.
Cookies and Web Beacons
Like any other website, Bisan Systems Ltd. uses 'cookies'. These cookies are used to store information including visitors' preferences, and the pages on the website that the visitor accessed or visited. The information is used to optimize the users' experience by customizing our web page content based on visitors' browser type and/or other information.
Third Party Privacy Policies
Bisan Systems Ltd.'s Privacy Policy does not apply to other advertisers or websites. Thus, we are advising you to consult the respective Privacy Policies of these third-party ad servers for more detailed information. It may include their practices and instructions about how to opt-out of certain options.
You can choose to disable cookies through your individual browser options. More detailed information about cookie management with specific web browsers can be found at the browsers' respective websites.
CCPA Privacy Rights
Under the CCPA, among other rights, California consumers have the following key rights:
- Right to know – Consumers have the right to know what personal information is being collected about them, why it’s being collected, and the categories of third parties with whom it may be shared.
- Right to access – Consumers can request access to the personal data that companies have collected about them. The company must provide this information upon request.
- Right to deletion – Consumers can request the deletion of their personal data held by companies, unless there are legal or regulatory reasons preventing the deletion.
- Right to non-discrimination – Companies are prohibited from discriminating against consumers who exercise their rights under the CCPA, such as charging higher prices or offering lower quality services due to their privacy requests.
- Right to opt-out of sale of data – Consumers have the right to opt out of the sale of their personal data to third parties. Companies must provide an easy way for consumers to exercise this right.
- Right to correct data – In certain cases, consumers have the right to request the correction of inaccurate personal data held by companies.
If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us.
GDPR Data Protection Rights
We would like to make sure you are fully aware of all of your data protection rights.
Every user is entitled to the following:
- The right to access – You have the right to request copies of your personal data. We may charge you a small fee for this service.
- The right to rectification – You have the right to request that we correct any information you believe is inaccurate. You also have the right to request that we complete the information you believe is incomplete.
- The right to erasure – You have the right to request that we erase your personal data, under certain conditions.
- The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions.
- The right to object to processing – You have the right to object to our processing of your personal data, under certain conditions.
- The right to data portability – You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
- The right to restrict automated decision-making and profiling – You have the right not to be subject to decisions based solely on automated processing, including profiling, unless certain conditions are met, such as explicit consent or the necessity of the decision for a contract.
- The right to withdraw consent – If your personal data is being processed based on consent, you have the right to withdraw that consent at any time, without affecting the lawfulness of processing before the withdrawal.
If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us.
Children's Information
Another of our priorities is protecting children while they use the internet. We encourage parents and guardians to observe, participate in, and/or monitor and guide their children’s online activity.
Bisan Systems does not knowingly collect any Personally Identifiable Information from children under the age of 13. If you think that your child provided this kind of information on our website, we strongly encourage you to contact us immediately and we will make our best efforts to promptly remove such information from our records.