Security policy

Our Security policy describes the organizational and technical measures we have implemented to prevent unauthorized access, use, alteration or disclosure of customer data.

BitaBIZ is committed to maintaining our security policy, and we must continuously seek to improve the protection of our customers.

Network and application security


Data Hosting and Storage

BitaBIZ runs in the cloud. We do not run our own routers, load balancers, DNS servers, or physical servers.

BitaBIZ services and data are hosted at:

  1. Microsoft Azure in the EU
  2. Hestner online in the EU


Virtual Private Cloud

All of our servers are within our own virtual private cloud (VPC) with network access control lists (ACLs) that prevent unauthorized requests from reaching our internal production environment. Login to our production environment is only possible via Dome9, which provides audit logs for all activity.

Our VPC is protected by the Cloudflare web application firewall (WAF), which protects BitaBIZ against all important security risks. The BitaBIZ WAF is certified by the PCI Security Standards Council.

BitaBIZ is delivered on the Microsoft .NET technology platform. Our Microsoft resources, such as MS SQL, are always updated with the latest security updates.


Back Up

BitaBIZ has an automated backup solution implemented. Backup runs every 24 hours.


Encryption

All data sent to or from BitaBIZ is encrypted in transit using 256-bit encryption.

Our API and application endpoints are TLS/SSL only.

This means BitaBIZ has HSTS fully enabled.
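A practitioner verifying the two statements above would check two things per hostname: that plain HTTP answers with a permanent redirect to https://, and that the HTTPS response carries a Strict-Transport-Security header whose max-age is long enough and which covers subdomains. The script below is an added example, not BitaBIZ code; it runs offline against constructed sample responses (the hostname example.invalid and the header values are made up) and treats "fully enabled" as max-age of at least one year plus includeSubDomains, an assumption chosen for this example.

```python
"""Offline check that an endpoint is 'TLS only with HSTS fully enabled'.

Added example; not BitaBIZ code. It evaluates constructed sample responses
rather than contacting any server. 'Fully enabled' is interpreted here as:
plain-HTTP requests get a permanent redirect to https://, and the HTTPS
response carries Strict-Transport-Security with max-age of at least one
year and includeSubDomains (RFC 6797 directives).
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

ONE_YEAR = 31_536_000  # seconds; assumed minimum max-age for a mature HSTS policy


@dataclass
class Response:
    """Minimal stand-in for an HTTP response: status code plus headers."""
    status: int
    headers: Dict[str, str] = field(default_factory=dict)

    def header(self, name: str) -> Optional[str]:
        # Header names are case-insensitive, so compare lower-cased.
        wanted = name.lower()
        for key, value in self.headers.items():
            if key.lower() == wanted:
                return value
        return None


def parse_hsts(value: str) -> Dict[str, Optional[str]]:
    """Split an HSTS header value into directives (names lower-cased).

    Per RFC 6797 directive names are case-insensitive and a repeated
    directive makes the header invalid; here the first occurrence wins and
    the duplicated name is recorded under a synthetic '__duplicate__' key.
    """
    directives: Dict[str, Optional[str]] = {}
    for raw in value.split(";"):
        part = raw.strip()
        if not part:
            continue
        name, _, val = part.partition("=")
        name = name.strip().lower()
        if name in directives:
            directives["__duplicate__"] = name
            continue
        directives[name] = val.strip().strip('"') if val else None
    return directives


def hsts_findings(value: Optional[str]) -> List[str]:
    """Return a list of problems with an HSTS header value (empty = acceptable)."""
    if value is None:
        return ["no Strict-Transport-Security header on the HTTPS response"]
    d = parse_hsts(value)
    findings: List[str] = []
    if "__duplicate__" in d:
        findings.append(f"directive '{d['__duplicate__']}' repeated; header is invalid")
    if d.get("max-age") is None:
        findings.append("max-age directive missing; header is invalid")
    else:
        try:
            max_age = int(d["max-age"])
        except ValueError:
            findings.append(f"max-age is not an integer: {d['max-age']!r}")
        else:
            if max_age == 0:
                findings.append("max-age=0 tells browsers to forget the policy")
            elif max_age < ONE_YEAR:
                findings.append(f"max-age {max_age} is below one year ({ONE_YEAR})")
    if "includesubdomains" not in d:
        findings.append("includeSubDomains missing; subdomains stay reachable over HTTP")
    return findings


def evaluate_tls_only(http_response: Response, https_response: Response) -> List[str]:
    """Combine the redirect check and the HSTS check for one hostname."""
    findings: List[str] = []
    if http_response.status not in (301, 308):
        findings.append(f"HTTP answered {http_response.status}, not a permanent redirect")
    else:
        location = http_response.header("Location") or ""
        if not location.lower().startswith("https://"):
            findings.append(f"HTTP redirect target is not https://: {location!r}")
    findings.extend(hsts_findings(https_response.header("Strict-Transport-Security")))
    return findings


# Constructed sample responses (not captured from any real host).
GOOD_HTTP = Response(301, {"Location": "https://example.invalid/"})
GOOD_HTTPS = Response(200, {"strict-transport-security": "max-age=31536000; includeSubDomains; preload"})
WEAK_HTTP = Response(200, {})  # serves content over plain HTTP instead of redirecting
WEAK_HTTPS = Response(200, {"Strict-Transport-Security": "max-age=86400"})

if __name__ == "__main__":
    for label, pair in (("good", (GOOD_HTTP, GOOD_HTTPS)), ("weak", (WEAK_HTTP, WEAK_HTTPS))):
        problems = evaluate_tls_only(*pair)
        print(label, "OK" if not problems else problems)
```

To use this against a live host you would populate the two Response objects from real HTTP and HTTPS requests; the evaluation logic stays the same. The header parser deliberately reports a missing max-age and repeated directives as invalid rather than guessing, because browsers ignore a malformed HSTS header entirely.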


Pentests and Vulnerability Scanning

BitaBIZ uses third-party security tools like BlackstoneONE to continuously scan for vulnerabilities.


Platform monitoring

BitaBIZ uses New Relic real-time platform monitoring. This enables us to monitor performance and quickly identify errors.

Product security


SAML 2.0

Single sign-on (SSO) allows your company to authenticate users in your own systems without requiring them to enter login credentials in BitaBIZ.


SCIM

User provisioning allows your company to control and manage user creation and access control from your own systems.


User role Permissions (privacy by design)

BitaBIZ has built-in settings and permission management.

Permission roles include:

  • System admin
  • Global payroll admin
  • Local Payroll admin
  • External admin
  • HR statistics
  • Approver role
  • User role

Settings management:

  • Default settings
  • GDPR setting
  • User settings


Password and Credential Storage

For password-based authentication, user passwords are encrypted using SHA.


Uptime

We have uptime of 99.8% or higher. You can check our past month's stats at https://status.bitabiz.com/

Internal security


Training

All employees are informed of our security policy.


Policies

Our setup does not allow our staff to access business resources outside our implemented security policy.


Employee Vetting

BitaBIZ performs background checks on all new employees including employment verification and criminal checks for Danish employees.


Confidentiality

All employee contracts include:

  • a confidentiality agreement.
  • a GDPR code of conduct policy.


Internal permissions and authentication

  • Access to customer data is limited to authorized employees who require it for their job.
  • BitaBIZ has a Single Sign-On (SSO) policy for all business resources. SSO is a requirement for implementing a business resource. We manage resource access from one central portal. Access to a resource is only granted if it is relevant for the job function.
  • We monitor and audit-log logins to all company resources.
  • All actions taken on production consoles are logged.
  • We have strong password policies.


Data protection officer

BitaBIZ has appointed an internal data protection officer. This employee is responsible for quality assurance of our data security and data protection program, and reports to the board of directors on security and data compliance matters.


Incident response plan

BitaBIZ will notify you in writing upon verification of a security breach of the BitaBIZ services that affects your data.
Notification will describe the breach and the status of our investigation. Notifications are given within 48 hours.


Hardware

All employees have a company-paid PC and mobile device secured with a company-managed firewall and security scanning.


BitaBIZ Security Policy accompanies BitaBIZ terms & conditions (System2 25.05.2018).