Security Statement

BISIL’s SaaS solutions come with security to ensure that your data is never compromised.

BISIL’s SaaS solutions come with security to ensure that your data is never compromised. The security measures at BISIL include:

 Experienced, professional engineers and security specialists dedicated to round-the-clock data and systems protection
 Continuous deployment of proven, up-to-date security technologies
 Ongoing evaluation of emerging security developments and threats
 Redundancy throughout the online infrastructure
 Commitment to a secure, scalable, private, collocated system where BISIL manages its computing infrastructure
 

Server Security

Physical Security – Our SaaS solutions are hosted  in the cloud at facilities that provides redundant infrastructure to ensure that our solutions are continually available. We have had no downtime due to infrastructure issues since 2007.

Perimeter Defense – The network perimeter is protected by firewalls and monitored by intrusion detection systems. BISIL monitors and analyzes firewall logs to proactively identify security threats.
Systems Security – Inside the perimeter firewalls, the systems are safeguarded by network address translation, port redirection, and other techniques. The specific details of these features are proprietary.

Operating System Security – BISIL enforces tight operating system-level security by minimizing the number of access points to its production servers. We protect operating system accounts with strong passwords, and production servers do not share a master password database. All operating systems are hardened by disabling and/or removing any unnecessary users, protocols, and processes.

Server Management Security – All data and documents entered into the BISIL solutions by its customers owned by that customer. BISIL employees do not have direct access to the production equipment, except where necessary for system management, maintenance, monitoring, and backups. BISIL does not utilize any managed service providers. The BISIL systems engineering team provides all system management, maintenance, monitoring, and backups.

Application Security

Security Model – Our application security model prevents one customer from accessing another’s data. This security model is reapplied with every solution and enforced for the entire duration of a user session.

User Authentication – Users access BISIL hosted solutions only with a valid username and password combination, which is encrypted via SSL while in transmission. An encrypted session ID cookie is used to uniquely identify each user.

Database Security – Whenever possible, database access is controlled at the operating system and database connection level for additional security. Access to production databases is restricted to a limited number of points, and production databases do not share a master password database.

Communication Security

Data Encryption – BISIL employed encryption products to protect customer data and communications using contemporary tools, techniques and methods. The lock icon in the browser indicates that data is fully shielded from access while in transit.

Redundancies and Backup

Reliability and Backup – All networking, storage and computing components have built in redundancies and backups based on customer options to ensure continued application availability.

Disaster Recovery – BISIL has redundant cloud capabilities and capacity to take care of eventualities if production facilities were to be rendered unavailable for some reason. At the minimum we ensure that we have alternative production environment capacity at different geographical locations on the cloud. This provides us the redundancy that would be utilized in the event of one of our production facilities becoming unavailable. Our Disaster Recovery goals are designed to (a) Minimize interruptions to the normal operations (b) Limit the extent of disruption and damage (c)Minimize the economic impact of the interruption (d) Establish alternative means of operation in advance (e) To provide for smooth and rapid restoration of service.

Last updated Jan 10, 2024