Security at Blox FP&A

Security

Enterprise-Grade Protection for Your Critical Information Assets

We are committed to protecting the confidentiality, integrity, and availability of all Company Information Assets and facilities. Our security posture is defined by our comprehensive Information Security Management System (ISMS) and anchored by globally recognized certifications: ISO 27001 Certified (Information Security), ISO 9001 Certified (Quality Management), and GDPR Compliant.

Benefits
Unwavering Compliance & Governance

Our framework is controlled by the ISMS Committee, which is responsible for ensuring technical controls are effectively implemented and records are maintained across all directives. We comply with local and international legislation governing cryptographic security and data transfer, including adherence to GDPR principles for handling personal data.

Zero-Trust Access Model

We enforce a strict access policy based on least privilege and need-to-know, ensuring only the minimum access is assigned to meet business objectives. Access to confidential or sensitive information must be reviewed at least annually to maintain accountability.

Built-in Resilience and Recovery

The Company maintains a formal Business Continuity/Disaster Recovery Plan to appropriately protect Information Assets and enable operational recovery within an accepted timeframe. Our recovery plan is tested at least annually to ensure continuity meets service levels agreed upon with the customer.

Identity and Access Management

Access controls are implemented across all systems, networks, and applications to prevent unauthorized access.

Unique Identification: All users must be uniquely identifiable; generic/shared accounts are treated as an exception.

Privilege Management: Access rights for privileged User IDs are restricted to the minimum required and are reviewed on an annual basis.

Cryptographic Controls and Data Transfer

We use only recognized strong implementations of cryptographic methods based on industry-tested and accepted algorithms.

Data at Rest: Laptop hard drives must be whole-disk encrypted, utilizing a 2048-bit encryption key (or greater).

Encrypted Connections: All remote access must occur via an encrypted VPN. Access to any web-based application must use at least a 128-bit SSL certificate.

Secure External Transfer: Electronic external data transfers involving confidential or restricted information are secured using industry-standard encryption techniques. Passwords used for encryption must be sent under a separate cover.

Malware and Technical Vulnerability Management

We enforce continuous protection from malicious code to ensure effective technical vulnerability management.

Endpoint Protection: Antivirus software is installed, configured, and operational on all client and server systems, and is regularly updated with current definitions.

Threat Filtering: Email filtering is implemented to protect users from email-based malware and phishing attacks, and suspicious email is quarantined.

Vulnerability Remediation: All vulnerabilities classified as high risk are remediated as soon as practical, with remaining vulnerabilities subject to risk assessment and a determined remediation timeline.

Data Retention and Resilience

We ensure secure data lifecycle management and high availability through tested procedures.

Backup Strategy: Backup procedures are created to meet the minimum recovery time and maximum data loss targets required by the business. All confidential and/or sensitive information must be encrypted during backup.

Data Redundancy: Primary and backup copies must be stored in physically or virtually separate locations.

Cloud Security Assurance: Cloud services must comply with all laws and regulations, and their service agreements must be reviewed and approved by the ISMS Committee.

Advanced Capabilities
ISO 27001 & ISO 9001 Certified
Encrypted Data Transfer
Cloud Security Monitoring
GDPR Compliant
Business Continuity & DR
Audit and Traceability
Least Privilege Access Model
Antivirus Protection
User Access Controls
Whole-Disk Encryption
Continuous Scanning
Transparency

Look forward to better business results

Unlock potential with Forward-Looking FP&A powered by Blox.
Achieve better business performance with enhanced Business Planning and Data Analytics.