Billez is committed to protecting its information and that of its customers. This is vital to the success of our Business. Customers across the globe trust us with their data security. This page provides information on our security measures.
Our Information Security Strategy involves the following components:
- Information Security Governance
- Human Resources Security
- Cloud Security
- IT Security
- Incident Management
- Vulnerability Management
- Product Security
- Physical Security
- Business Continuity & Disaster recovery
Information Security Governance
- Well-established Information Security Program.
- Well-established Security Policies and Procedures.
- Well-defined Security Roles and Responsibilities.
- Active Participation from Billez’s Leadership team.
- A dedicated team of security and privacy professionals.
- Security audits are performed to monitor compliance with Security requirements.
Human Resources Security
- Background Verification (BGV) is performed.
- Upon joining Billez, employees are required to sign the Non-Disclosure Agreement and other documents, which include mandatory security clauses.
- All employees are mandatorily trained on Security and Privacy requirements.
- Billez Platform is hosted in AWS and designed as a multi-tenant architecture.
- Data at rest is encrypted.
- Data in transit is encrypted.
- DDOS Protection is enabled.
- API Throttling is enabled.
- All systems in the cloud are protected by Antivirus.
- Threat detection is enabled.
- All our instances run on AWS VPC (Virtual Private Cloud).
- Single Sign On (SSO) is implemented.
- Servers are Hardened based on CIS benchmark standards.
- Industry Standard tools leveraged for periodic security assessments.
- Data Masking feature is implemented on sensitive data.
- Systems run from multiple AWS Availability Zones.
- Support for On-demand scale of stateless server farms.
- Billez sites are hosted to handle both hardware and availability zone failures.
Backup and Recovery
- Snapshots are taken for all the Critical Servers at regular intervals.
- Database: Billez employs different techniques like always-on configuration, full backups, incremental backups, and image snapshots to recover from any failure.
- Database backups are encrypted using native encryption.
- All backups are stored in encrypted storage.
- Periodic restoration checks are performed.
Logging & Monitoring
- Industry-standard tools leveraged for logging, monitoring, analysis, and incident management.
- The site is continuously monitored for uptime.
- Different types of Logs, like Event Logs, Application Logs, Infrastructure Logs, and Audit Logs are enabled.
- The site Reliability Engineering team monitors the operations 24/7/365.
- By default, administrative access is not provided, and guest accounts are disabled.
- By default, all the endpoints have USB blocked.
- All endpoints have an anti-virus installed and configured for the latest patches.
- All endpoints are encrypted.
- Endpoint Detection and Response (EDR) is enabled.
- Network Intrusion Prevention System (NIPS) is Implemented.
- URL Filtering feature is enabled.
- Data Loss Prevention (DLP) is configured to monitor sharing of critical information.
- E-mail communications are scanned at the gateway to prevent infection from malicious software and programs.
- VPN (Remote Access Service) with MFA enabled for access from remote.
Backup & Recovery
- Internal IT servers are backed up on a regular basis.
- Periodic Restoration checks are performed.
- Redundant Internet Services Providers (ISP).
- Auto failover and fallback are both enabled on ISPs.
- High Availability(HA) Firewall system is established.
- In addition to the Primary DC (Domain Controller), Additional DC are maintained in the cloud and other regions.
Logging & Monitoring
- Central Log server was established for Server Logs, Network and Security device Logs, AV Logs, and Admin User Logs.
- The Logs are monitored continuously for appropriate actions.
- All Internet connections are monitored for availability.
- Security Incident Management System is established.
- Security Incidents are logged and tracked to closure.
- Incidents related to security can be reported by Billez employees, customers, vendors by writing e-mails to firstname.lastname@example.org
- Vulnerability Management Program in place
- Vulnerability Assessments are conducted periodically on the infrastructure and findings, if any, are tracked to closure.
- Penetration Testing is conducted on a periodic basis and findings, if any, are tracked to closure.
- Static code testing: Various static code checks like Code Style, Security ( includes OWASP Top 10), Error Prone, Performance, Compatibility, and Unused Code are performed before code check-ins.
- Application Security Testing is performed. The guidelines followed included OWASP Top 10, CWE/SANS Top 25, PCI DSS Penetration Testing Guidelines, and other industry best practices as applicable.
- Source control system is in place for the code repository.
- Developer code is reviewed before being committed.
- All changes are tested thoroughly by the Quality Assurance team.
- Static code testing is performed.
- Application security testing is performed.
- The Billez Platform provides Roles and Permissions that allows users to be configured to access the platform based on their roles only.
- Extensive Product Logging is available for the Billez Product to meet compliance requirements.
- Physical access to Billez premises and server rooms is controlled at the entry and exit doors by proximity-based access control system.
- Billez premises and server rooms are continuously monitored through CCTV Cameras.
- Devices are installed and preventive measures are in place for protection against environmental hazards including but not limited to fire, power outages, fluctuations.
Business Continuity & Disaster recovery
- BCP ( Business Continuity Planning ) Scenarios are identified as part of Business Impact Analysis.
- BCP scenarios are tested on a periodic basis as part of disaster recovery readiness.