Security Policy

Last updated: 26/02/2023

Overview

Security is a top priority for our PivotPoint BMS platform. We are committed to protecting our users' data from unauthorized access and breaches. This security policy outlines the measures we have in place to protect our platform and user data.

Access Controls

Access to our platform is restricted to authorized users only. We require strong passwords and enforce two-factor authentication for all users. We limit access to sensitive data to a need-to-know basis and restrict access to our production environment.

Data Protection

We use encryption to protect user data both in transit and at rest. User data is stored in secure data centers that are audited regularly. We back up user data regularly and test our backups to ensure their integrity.

Network Security

We use firewalls to protect our network from unauthorized access. We monitor our network for suspicious activity and use intrusion detection and prevention systems to prevent attacks. We conduct regular vulnerability scans to identify and address any vulnerabilities.

Incident Response

In the event of a security incident, we have a documented incident response plan that outlines the steps we will take to contain and mitigate the incident. We will notify affected users promptly and provide updates as necessary. We will also take steps to prevent future incidents.

Compliance

We comply with relevant security standards, including ISO 27001 and SOC 2. We undergo regular security audits and assessments to ensure that we are meeting these standards.

Third-Party Providers

We use third-party providers for certain services, such as hosting and payment processing. We conduct due diligence on these providers and require them to adhere to our security standards.