Data Security

bmby Software Systems implements stringent information security strategy and is among the few companies in its field competent information security standard ISO 27001. As a result, the management team and employees are committed to quality execution of this strategy is also reflected at the level of infrastructure, physical security, computing, procedures and processes used by the organization. The high level of security is maintained at all times in carefully monitored twice a year by an external audit of the Israel Standards Institute.

Security system:

1. Applicative CSA certification (Certified Secure Application) and compliance with the international standards of the EC Council. Hence all the systems, the procedures for backups (external sites secure) encryption, set the DRP (Disaster Recovery Plan) and the development of Heather
2. Various software – meet the most stringent international standards of information security.
3. Overseeing all external sites secure infrastructure (buildings photographed, with entry control complex, rigorous access restrictions, and staffing 24/7/365); All information is backed alternative sites, including RAID Redundancy backup communications, and maintenance without downtime for the customer.
4. Disaster Recovery Plan / Business Continuity Plan – all information is backed up fully (Full Redundancy) at two different external and secure.
5. Physical security of the sites includes armed guards, walls peanuts and Mborzlim (Bullet Proof) at a confidence level of safety deposit boxes, elaborate fire extinguishing equipment, means of backup power, UPS and industrial generators.
   
6. Physical compartmentalization between servers: each client assigned to servers that are dedicated to him, and at the level of individual physical access to any other servers.
7. Maintenance at all sites – the main alternatives, including Patch Management.
8. Current backups of all data on all websites.
9. Gateway Security includes firewall (IDS (Intrusion Detection Systems and IPS (Intrusion Prevention Systems).

1. Protection from DOS to DDOS (Denial of Service / Distributed Denial of Service) – All attacks are stopped, filtered and fanning at the level of the Gateway.
2. Anti-virus software at all levels of the information chain – servers, Gateway and Clients (end stations).
3. Database security, secure overall scheme of the database of each client, and review (DBA (Database Administrator pool.
4. Overall access security policy of stringent password strength (change, complexity, length, etc.), and strict regulations limiting the access occurred. Access to information sensitive in nature is limited and is allocated only a minority of senior officials and licensed in accordance with security clearances, whose work requires access to this information.
5. As an essential part of the development process in Bambi, software development processes are being made in implementing information security. Thus, the development of dedicated client software are made under the Security Code Review to ensure attention to every element of security throughout the information chain.
6. HR – Company leader stringent recruitment processes and their assessment of the current, which include rigorous reliability testing employees before recruitment and during their employment (background check, reliability assessment, polygraph test relevant employees, etc.). Training for new employees and refresher courses are held periodically to make sure that every employee knows and rooted duties and obligations to the Company and its customers.

All information security system Bambi subject to external and internal audits frequently – by the Standards Institute, the company’s customers, and unannounced inspections of non-sampling accompanied by professional information security company – ensuring consistency in maintaining the highest level of security over time.