KBBS Systems

Security and Compliance


Security Commitment

At KBBS Systems we are committed to the security of your data. We are ISO/IEC 27001 certified and conduct annual internal policy reviews alongside the external ISO surveillance audit.

As part of this commitment, we use a variety of industry-standard security technologies and procedures to help protect your information from unauthorised access, use, or disclosure.

Security Program

The core of KBBS Systems business involves dealing with sensitive client data.

We build our product and design our business processes and software development lifecycle with security and risk in mind.

We have carefully selected controls from ISO/IEC 27001 and software development best practices as a guideline for building our internal policies, processes, risk management and information security controls. Our policies cover both internal organisation and data security.

The security program is led internally, in partnership with external cyber security specialists in Europe and Australia, and is responsible for the following areas:

  • Application Security
  • Infrastructure & Network Security
  • Compliance
  • Privacy
  • Corporate Security
  • Physical Security

Internal policies and procedures

With respect to our internal protocols, we have roles and responsibilities defined for information security, segregated across roles and individuals to avoid conflicts of interest and prevent inappropriate activities. We have human resource policies and background checks for sensitive roles. We conduct security training for all new employees, and a formal disciplinary process is in place to handle information security incidents allegedly caused by staff.

Data security

We employ mobile device and teleworking policies and controls for mobile devices (such as laptops, tablet PCs, smartphones, and removable media). We have strict access controls to manage the allocation of access rights to users from initial user registration through to removal of access rights when no longer required. Information access is restricted in accordance with the access control policy and to the minimum required privileges. All client data is encrypted both at rest and in transit. If our clients have data sovereignty requirements, we ensure their data is stored in the required geographical region.

We strictly follow physical and environmental security controls for our development environment. For customer data we use multiple cloud providers that are accredited, reputable and widely recognised for their approach to data security.

We have implemented operations security policies covering IT operating responsibilities and procedures, backups, logging and monitoring, technical vulnerability management and information systems audit considerations.

Training and Assessment

Our developers receive current application security training. KBBS also performs annual network security assessments. We are committed to:

  • Ongoing developer training
  • Ongoing security awareness training to all employees
  • Penetration testing
  • Code vulnerability scans aligned with OWASP guidance
  • Onshore disaster recovery measures

Risk management

We regularly review our business continuity management, information security continuity and redundancies.

Compliance

We identify and document our obligations to external authorities and other third parties in relation to information security, including intellectual property, business records, privacy and personally identifiable information, and cryptography. We also commission external, independent security reviews to strengthen our security and to assure our customers that the highest security standards are applied and met.