SECURITY: BUILT INTO THE FOUNDATION OF OUR ARCHITECTURE

We understand that financial data is one of your most valuable and protected assets. Our number-one priority is delivering a comprehensive, high-performance solution with cutting-edge security measures to keep your financial data safe and your business protected.

You can sleep at night knowing that we've gone the extra mile with security measures to give you peace of mind.
 

Layers of Security - There are many layers of security in BIGcontrols, starting with the physical datacenter setup where we operate in secure ISO 27001-compliant data centers. At the network level, we employ firewalls against outside attacks, DDoS mitigation, and various technical mechanisms against spoofing and sniffing. At the application level we run in an isolated environment where we can deliver tenant isolation. We perform routine security checks on various aspects of environment and product to ensure that our customer data is secure.

Traceability - The security and internal audit tracking integrated within our product allows administrators to audit user views and edits on data for incentives, locations, tasks and users including time, date and from/to parameters. This granular security empowers administrators to see how data is manipulated and accessed at fine-grained levels. 

Performance Delivered - We are committed to a world-class customer service experience. We measure uptime and response time to ensure that customers have a reliable and quick connection to our servers. As part of our corporate vision, we provide our users with an environment that is accessible from any device and enables them to respond to changing business dynamics. Our technical operations team monitors these test results to ensure we are providing the best-in-class service to our customers.

SECURITY HIGHLIGHTS

Network Security

Firewalls - Firewalls are utilized to restrict access to systems from external networks and between systems internally.

DDoS Mitigation - Our infrastructure provides DDoS mitigation techniques including TCP Syn cookies and connection rate limiting.

Spoofing and Sniffing Protections - Managed firewalls prevent IP, MAC, and ARP spoofing on the network and between virtual hosts to ensure spoofing is not possible. Packet sniffing is prevented by infrastructure including the hypervisor which will not deliver traffic to an interface to which it is not addressed. 


Application Security

BIGcontrols is hosted and runs in an isolated environment and cannot interact with other applications or areas of the system to prevent security and stability issues. These self-contained environments isolate processes, memory, and the file system while host-based firewalls restrict applications from establishing local network connections.


Data Security

Customer data is stored in separate access-controlled databases. All communication to our servers is encrypted in transit. Customer data is stored in separate access-controlled databases. All customer data stored is encrypted at rest to ensure the highest levels of security in the unlikely event of a breach. 

Data Centers

Our physical infrastructure is hosted and managed in a datacenter which adheres to the following best practices in terms of operational excellence and security:

  • ISO 27001
  • SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
  • PCI Level 1
  • FISMA Moderate Sarbanes-Oxley (SOX) 


Backups

Application - Our application is automatically backed up as part of the deployment process on secure, access-controlled, redundant storage. 

Databases - Continuous protection keeps data safe. Every change to your data is written to write-ahead logs, which are shipped to multi-datacenter, high-durability storage. In the unlikely event of unrecoverable hardware failure, these logs can be automatically "replayed" to recover the database to within seconds of its last known state. Additionally, we also backup databases on an ongoing basis.


Privacy

We have a published privacy policy that clearly defines the data we collect and how it is used. We take steps to protect the privacy of our customers and protect data stored within our platform. Some of the protections include authentication, access controls, data transport encryption, and HTTPS support for customer applications. 

Access to Customer Data - Our hosting personnel do not access or interact with customer data or applications as part of normal operations. There may be cases where we are requested to interact with customer data or applications at the request of our customer for support purposes or where required by law.

Employee Screening and Policies - As a condition of employment all our employees undergo pre-employment background checks and agree to company policies including security and acceptable use policies.