Security Mission

Binary Confidence’s mission is to deliver a best-in-class cyber-secure environment for our clients to operate smoothly without having to worry about safety risks to their data and operations.

Senior management recognizes the importance of information security to protect information and business assets. Our main goal is to provide top-level services to our customers in active security monitoring and security management, and therefore Binary Confidence s.r.o. has also developed its own Information Security Management System (ISMS) in line with the international standard ISO/IEC 27001. Our ISO 27001 certificate can be found here.

Binary Confidence was established with one goal – to be your first and last line of dependable defence against all types of cyberthreats. We are the digital guardians of your company’s cyberspace, keeping your data safe and your systems protected.

The operation of this ISMS has many benefits for the business, including:

  • Protection of revenue streams and company profitability
  • Ensuring the supply of goods and services to customers
  • Maintenance and enhancement of shareholder value
  • Compliance with legal and regulatory requirements
  • Reducing risks to an acceptable level and effective process integration
 

Following the ISO 27001 standard and as a member of TF-CSIRT, we follow these security basics to improve the trust our clients can have in our products and services, as well as the sense of security of our employees and suppliers.

To ensure adequate business continuity of our services, we rely on well-tested and well-proven cloud security providers such as Microsoft Azure or on hosting our own redundant hardware in secure data centres. In addition to the resiliency assured by cloud service providers, we perform server image backups to ensure we will not lose data necessary to provide our services to our clients.

All communication channels with our servers and services are encrypted using TLS configured according to best practices; we make sure data in transit is encrypted and that up-to-date, secure encryption methods are used.

Data reside in multiple, frequently backed-up databases or in secure cloud storage; documents reside in our internal file management system with adequate backup frequency to ensure we will not lose data necessary to provide our services.

For secure authentication we utilize integration with SSO and enforce 2FA authentication where it is technically possible. We never store passwords and authentication information in clear text. Access to information and files is strictly set up as per our access control principles of role-based access control, principle of least privilege and need to know. We frequently review accesses and permissions to ensure only authorized people have an adequate level of access. Employees and contractors use password management systems to enforce a strong and complex password policy.

All our developers are made aware of best practices and minimum security requirements in secure software development; code we write is double-checked and analysed for known vulnerabilities. Various functionality and security tests are run before each new code deployment. Every year we engage external subject matter experts to perform their independent penetration testing of our application.

All our computers and work mobile devices have encrypted drives and run an up-to-date NextGen Antivirus solution including enhanced functionality such as MDM, HIPS and EDR.

We have internal subject matter experts to provide us with SOC services, advanced monitoring including SIEM services, periodic vulnerability scanning of our infrastructure and threat intelligence reporting to ensure our security posture is up to date in today’s ever-changing world where new vulnerabilities and threats are discovered every week.

Commitment to the delivery of information security extends to senior levels of the organization and is demonstrated through the information security policy and strategy. The provision of appropriate resources to continuously improve the ISMS program is managed by periodic management review meetings.

We encourage all employees and other stakeholders in our business to ensure that they play their important part in delivering our information security objectives. It is the responsibility of every employee to follow the principles of the ISMS policies and security awareness trainings to ensure information and processes are protected with respect to the desired level of confidentiality, availability and integrity.

The company has established the following roles within information security: a security steering committee board that participates in periodic management review meetings to oversee the execution and effectiveness of the ISMS program, asset owners responsible for the protection of the assets under their administration, and the information security officer (CISO) responsible for smooth project execution.

Our main goals for the next period are to continuously monitor the risks to reduce any identified ones to an acceptable level and to enhance our established and executed ISMS program to the new ISO27001:2022 version when it is officially released. We are also in the process of obtaining FIRST membership (www.first.org).

Stay secure with us