Security Policy

1. Introduction

Welcome to the Security Policy page of iBanFirst. Our commitment to security is paramount, and this policy outlines our approach to safeguarding our systems, data, and the privacy of our users.

The scope covered by this policy is *.ibanfirst.com

2. Information Security Principles

We adhere to the following key principles to ensure the security of our organization:

• Data Confidentiality: We protect sensitive information from unauthorized access or disclosure.
• Data Integrity: We maintain the accuracy and reliability of our data.
• Data Availability: We ensure that our systems and data are available when needed.
• Security Awareness: We promote a culture of security awareness and continuous improvement.

3. Roles and Responsibilities

Our security program involves the collaboration of all employees, contractors and stakeholders, as we understand that each party has specific responsibilities in maintaining safety.

4. Security Controls

We implement a range of security controls to protect our systems and data. These controls include but are not limited to:

• Access Control: Strong access control measures with mandatory 2FA mechanisms.
• Encryption: Full hard drive encryption of all our end user devices enforced by our Mobile Device Management system.
• Incident Response: 24/7 external Security Operations Center (SOC) service with access to Incident Response specialists.
• Security Training: We provide regular security training programs to our employees using multiple channels (internal Blog, e-mails, presentations, etc...).

5. Reporting Security Issues

We do not currently have a Bug Bounty program but we encourage responsible disclosure of security vulnerabilities. If you discover a major security issue in our systems, please follow our security.txt policy for reporting.

6. Contact Us

If you have questions or need further information about our security practices, please contact our security team at security.txt@ibanfirst.com.