Our Security policy describes:
- Network & application security.
- Measures we have implemented to prevent unauthorized access, use, alteration or disclosure of customer data.
- Measures we have implemented to secure data portability, privacy by design, access management and password security.
- Measures we have implemented to educate our employees.
BitaBIZ is committed to maintaining our Security policy, and we must continuously seek to improve the protection of our customers.
Network and application security
Data Hosting and Storage
BitaBIZ is hosted in the cloud. We do not run our own routers, load balancers, DNS servers, or physical servers. BitaBIZ services and data are hosted at Microsoft Azure in the EU.
Our Azure Cloud Services and Virtual Machines are protected by the Cloudflare web application firewall (WAF). BitaBIZ is protected against all important security risks. The BitaBIZ WAF is certified by the PCI Security Standards Council.
All data sent to or from BitaBIZ is encrypted in transit using 256-bit encryption. Our API and application endpoints are TLS only. We automatically use the newest TLS version when the client supports it.
BitaBIZ is HSTS (HTTP Strict Transport Security) enabled, and all requests are forced to use HTTPS.
BitaBIZ Azure databases are encrypted with encryption-at-rest by default, and the database encryption key is protected by a built-in server certificate.
Microsoft Antimalware is installed on our Azure Cloud Services and Virtual Machines.
Login to our production environment is only possible via Microsoft Azure Just-in-Time access, which provides audit logs for all activity.
BitaBIZ is delivered on the Microsoft .NET technology platform. Our Microsoft resources, such as MS SQL, are always updated with the latest security updates.
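The TLS-only and HSTS claims above are the kind a reviewer verifies from the wire rather than from the policy text. As an added example (not BitaBIZ's code), the Python below checks two HTTP responses, here constructed samples rather than real captures, for a redirect from http to https and for a Strict-Transport-Security header with a one-year max-age and includeSubDomains.

```python
# Added example (not BitaBIZ code): verify "TLS only" plus HSTS from captured
# responses. Both responses below are constructed samples, not real captures.
from typing import NamedTuple

ONE_YEAR = 31536000  # HSTS max-age (seconds) commonly expected in practice

class Response(NamedTuple):
    status: int
    headers: dict  # header names lower-cased

# Constructed: an http:// request answered with a redirect to https://
HTTP_RESPONSE = Response(301, {"location": "https://app.example.invalid/"})
# Constructed: the https:// response carrying the HSTS header
HTTPS_RESPONSE = Response(200, {"strict-transport-security": "max-age=31536000; includeSubDomains"})

def parse_hsts(value):
    """Return (max_age, include_subdomains, preload) from an HSTS header value."""
    max_age, include_sub, preload = None, False, False
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            arg = arg.strip().strip('"')
            max_age = int(arg) if arg.isdigit() else None  # malformed counts as absent
        elif name == "includesubdomains":
            include_sub = True
        elif name == "preload":
            preload = True
    return max_age, include_sub, preload

def check_transport(http_resp, https_resp):
    """Return findings; an empty list means HTTPS-only plus HSTS is enforced."""
    findings = []
    # 1. A plain-http request must redirect, and only to an https:// URL
    location = http_resp.headers.get("location", "")
    if http_resp.status not in (301, 302, 307, 308):
        findings.append(f"http request not redirected (status {http_resp.status})")
    elif not location.lower().startswith("https://"):
        findings.append(f"redirect target is not https: {location!r}")
    # 2. The https response must carry a strong HSTS policy
    hsts = https_resp.headers.get("strict-transport-security")
    if hsts is None:
        return findings + ["no Strict-Transport-Security header on https response"]
    max_age, include_sub, _ = parse_hsts(hsts)
    if max_age is None:
        findings.append("HSTS header has no valid max-age")
    elif max_age < ONE_YEAR:
        findings.append(f"HSTS max-age {max_age} is below one year")
    if not include_sub:
        findings.append("HSTS lacks includeSubDomains")
    return findings
```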
Platform monitoring, Pentests and Vulnerability Scanning
BitaBIZ uses Rapid7 to continuously scan for vulnerabilities. This enables us to identify and remove vulnerabilities.
BitaBIZ uses New Relic real-time platform monitoring. This enables us to monitor performance and quickly identify errors.
Single Sign-On (SSO) allows your company to authenticate users in your own systems without requiring them to enter login credentials in BitaBIZ.
Manual Password and Credential Storage
Password-based authentication: user passwords are encrypted using the SHA1 algorithm or a later version.
User provisioning allows your company to control and manage user creation and access control from your own systems.
User role Permissions (privacy by design)
BitaBIZ has built-in settings and permission management.
Permission roles include:
- System admin
- Global payroll admin
- Local Payroll admin
- External admin
- HR statistics
- Approver role
- User role
- Default settings
- GDPR setting
- User settings
All employees are informed of our security policy.
Our setup does not allow our staff to access business resources outside our implemented security policy.
BitaBIZ performs background checks on all new employees, including employment verification and, for Danish employees, criminal record checks.
All employee contracts include:
- a confidentiality agreement.
- GDPR code of conduct policy.
Internal permissions and authentication
- Access to customer data is limited to authorized employees who require it for their job.
- BitaBIZ has a Single Sign-On (SSO) policy for all business resources. SSO is a requirement for implementing a business resource. We manage resource access from one central portal. Access to a resource is only granted if it is relevant for the job function.
- We monitor and audit-log logins to all company resources.
- All actions taken on production consoles are logged.
- We have strong password policies.
Data protection officer
BitaBIZ has appointed an internal data protection officer. This employee is responsible for quality assurance of our data security and data protection program.
The data protection officer reports to the board of directors on security and data compliance matters.
BitaBIZ employees must enable and contribute to audits, including inspections carried out by our customers or by another auditor that has been authorized by the customer.
All employees have a company-paid PC and mobile phone secured with a company-managed firewall and security scanning.
PCs are wiped every year. Data must only be saved on company-managed SharePoint/OneDrive.