Security and Privacy
at Bisan Systems Ltd.

We implement robust cyber-security measures, including role-based access, strong encryption, two-factor authentication, and user-defined controls for data entry, document printing, electronic signatures, and third-party login options, ensuring comprehensive protection of sensitive information.

What we do

Governance

Bisan Systems’ Security and Privacy teams establish policies and controls, monitor compliance with those controls, and prove our security and compliance to third-party auditors.

Our policies are based on the following foundational principles:

01. Access should be limited to only those with a legitimate business need and granted based on the principle of least privilege.

02. Security controls should be implemented and layered according to the principle of defense-in-depth.

03. Security controls should be applied consistently across all areas of the enterprise.

04. The implementation of controls should be iterative, continuously maturing across the dimensions of improved effectiveness, increased auditability, and decreased friction.

Security and Compliance at Bisan Systems Ltd.

Bisan Systems is working on completing SOC 2 Type II attestation. Our SOC 2 Type II report will be available on our website before the end of 2024.


Data protection

Data at rest

All sensitive customer data is encrypted at rest using strong, industry-recognized algorithms.

Data in transit

Bisan Systems uses TLS 1.2 or higher everywhere data is transmitted over potentially insecure networks. We also use SSL/TLS, IPsec and SSH to facilitate the encryption of data in transit. When data is moved outside AWS, the SSH protocol is used.

Secret management

Bisan Systems uses GnuPG (GPG) 2048-bit RSA encryption keys to encrypt customer database backups. The keys are stored on Google Drive and are accessible only to key technical employees.

The Bisan SSL certificate keystore used for Java applications also uses a 2048-bit RSA key. It is stored in the Java application folder and has strictly limited access.

Product Security

Penetration Testing

Bisan Systems is currently engaged with Blueside Cybersecurity Pty to perform penetration testing. All areas of Bisan Systems’ products and cloud infrastructure are in-scope for these assessments. We will publish the penetration test report on our website during 2024.

Vulnerability scanning

Bisan Systems requires static analysis (SAST) testing of code during pull requests and on an ongoing basis.

Bisan Systems undergoes network vulnerability scanning on an ongoing basis using AWS Inspector. In addition, AWS GuardDuty provides intrusion detection for all AWS instances to discover external attacks.


Enterprise Security

Endpoint protection

All corporate devices are centrally managed and are equipped with Sophos Endpoint protection. Endpoint security alerts are monitored with 24/7/365 coverage.

We utilize Vanta to monitor screen lock configuration.

Secure remote access

Bisan Systems secures remote access to internal resources using FortiClient VPN on each machine. We also use the malware-blocking Sophos Endpoint Agent to protect employees and their endpoints while browsing the internet.

Security education

Bisan Systems provides comprehensive security training to all employees upon onboarding and annually through educational modules within Vanta’s platform. In addition, all new employees attend a mandatory live onboarding session centered around key security principles. All new engineers also attend a mandatory live onboarding session focused on secure coding principles and practices.

Bisan Systems’ security team shares regular threat briefings with employees to inform them of important security and safety-related updates that require special attention or action.

Identity and access management

Bisan Systems controls physical access through individualized RFID access control devices.

Bisan Systems employees are granted access to applications based on their role, following the principle of least privilege, and are automatically deprovisioned upon termination of their employment. Further access must be approved according to the policies set for each application.

Vendor security

Bisan Systems takes a risk-based approach to suppliers and the technology supply chain. Where warranted, agreements with suppliers shall include requirements to address the relevant information security risks associated with information and communications technology services and the product supply chain.

Factors which influence the inherent risk rating of a vendor include:

  • Access to customer and corporate data
  • Integration with production environments
  • Potential damage to the Bisan brand

Once the inherent risk rating has been determined, the security of the vendor is evaluated to determine a residual risk rating and an approval decision for the vendor.

Privacy Policy

At Bisan Systems Ltd., accessible from https://www.bisan.com, one of our main priorities is the privacy of our visitors. This Privacy Policy document describes the types of information that are collected and recorded by Bisan Systems Ltd. and how we use them.

If you have additional questions or require more information about our Privacy Policy, do not hesitate to contact us.

This Privacy Policy applies only to our online activities and is valid for visitors to our website with regard to the information that they shared and/or that was collected by Bisan Systems Ltd. This policy is not applicable to any information collected offline or via channels other than this website.

Consent

By using our website, you hereby consent to our Privacy Policy and agree to its terms.

Information we collect

The personal information that you are asked to provide, and the reasons why you are asked to provide it, will be made clear to you at the point we ask you to provide your personal information.

If you contact us directly, we may receive additional information about you such as your name, email address, phone number, the contents of the message and/or attachments you may send us, and any other information you may choose to provide.

When you register for an Account, we may ask for your contact information, including items such as name, company name, address, email addresses, telephone and mobile numbers; in addition to contact information about users of your account. We may also ask for company registration information and documents.

How we use your information

We use the information we collect in various ways, including to:

  • Provide, operate, and maintain our website
  • Improve, personalize, and expand our website
  • Understand and analyze how you use our website
  • Develop new products, services, features, and functionality
  • Communicate with you, including for customer service to provide you with updates and other information relating to the website, and for marketing and promotional purposes
  • Send you emails and messages
  • Find and prevent fraud

Log Files

Bisan Systems Ltd. follows a standard procedure of using log files. These files log visitors when they visit websites. All hosting companies do this as a part of hosting services' analytics. The information collected by log files includes internet protocol (IP) addresses, browser type, Internet Service Provider (ISP), date and time stamp, referring/exit pages, and possibly the number of clicks. These are not linked to any information that is personally identifiable. The purpose of the information is for analyzing trends, administering the site, tracking users' movement on the website, and gathering demographic information.

Cookies and Web Beacons

Like any other website, Bisan Systems Ltd. uses 'cookies'. These cookies are used to store information including visitors' preferences, and the pages on the website that the visitor accessed or visited. The information is used to optimize the users' experience by customizing our web page content based on visitors' browser type and/or other information.

Third Party Privacy Policies

Bisan Systems Ltd.'s Privacy Policy does not apply to other advertisers or websites. Thus, we are advising you to consult the respective Privacy Policies of these third-party ad servers for more detailed information. It may include their practices and instructions about how to opt-out of certain options.

You can choose to disable cookies through your individual browser options. More detailed information about cookie management with specific web browsers can be found at the browsers' respective websites.

CCPA Privacy Rights (Do Not Sell My Personal Information)

Under the CCPA, among other rights, California consumers have the right to:

  • Request that a business that collects a consumer's personal data disclose the categories and specific pieces of personal data that a business has collected about consumers.
  • Request that a business delete any personal data about the consumer that a business has collected.
  • Request that a business that sells a consumer's personal data not sell the consumer's personal data.

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us.

GDPR Data Protection Rights

We would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:

  • The right to access – You have the right to request copies of your personal data. We may charge you a small fee for this service.
  • The right to rectification – You have the right to request that we correct any information you believe is inaccurate. You also have the right to request that we complete the information you believe is incomplete.
  • The right to erasure – You have the right to request that we erase your personal data, under certain conditions.
  • The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions.
  • The right to object to processing – You have the right to object to our processing of your personal data, under certain conditions.
  • The right to data portability – You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us.

Children's Information

Another of our priorities is adding protection for children while using the internet. We encourage parents and guardians to observe, participate in, and/or monitor and guide their children's online activity.

Bisan Systems Ltd. does not knowingly collect any Personally Identifiable Information from children under the age of 13. If you think that your child provided this kind of information on our website, we strongly encourage you to contact us immediately and we will make our best efforts to promptly remove such information from our records.