About
At Bankopen, we prioritize your data security with top-tier infrastructure and stringent privacy standards, ensuring the utmost integrity in our services.
We adhere to industry-accepted standards to ensure your data’s security and compliance.
Security And Privacy
Data-center Protections
Physical security
Bankopen products are hosted on cloud infrastructure platforms that hold SOC 2 Type II and ISO 27001 certifications, among other credentials. These certifications ensure robust security measures, including dedicated security personnel, stringent physical access controls, and comprehensive video surveillance.
Patch Management
Bankopen’s patch management process identifies and resolves missing patches in the product infrastructure, ensuring software packages are up to date through server-level instrumentation.
Security Incident Response
Bankopen’s security incident process flows and investigation data sources are predefined through regular preparation activities and refined via follow-ups. We use standard incident response structures to ensure timely and appropriate actions.
Application security
In-transit Encryption
Sessions are protected with in-transit encryption using 2,048-bit or stronger keys and TLS 1.2 or higher. This ensures data integrity and confidentiality by encrypting data before transmission, authenticating endpoints, and verifying data integrity upon arrival.
Web Application and network firewalls
Bankopen utilizes a comprehensive suite of tools to monitor potential attacks, including a web application firewall and a network-level firewall. Additionally, the platform incorporates Distributed Denial of Service (DDoS) prevention measures to protect and ensure uninterrupted access.
Software development lifecycle (SDLC) Security
Bankopen ensures consistent software quality through static code analysis tools and human review processes. Our secure coding practices follow OWASP guidelines, and we conduct bi-annual application security assessments with third-party vendors. Additionally, Bankopen performs Software Composition Analysis (SCA), generates Software Bill of Materials (SBOM), and utilizes Infrastructure as Code (IaC). We also enhance security through a comprehensive bug bounty program; see https://open.money/responsible-disclosure-policy for more details.
Audits, Vulnerability Assessment & Penetration Testing
Vulnerability assessment
Bankopen conducts quarterly vulnerability assessments on our network infrastructure to identify and mitigate potential security risks. These assessments ensure that our systems remain secure and compliant with industry standards.
Penetration testing
BankOpen employs third-party penetration testing firms to conduct thorough security assessments of its products and infrastructure, ensuring the protection of customer data and systems.
External audit & certification
BankOpen ensures compliance through regular external audits and certifications, demonstrating its commitment to security and operational excellence.
Resiliency and Availability
99.9% Uptime
BankOpen consistently maintains a high availability rate of 99.9%, ensuring uninterrupted access to its services. Customer data is comprehensively protected through redundant online backups and regular snapshots, providing robust disaster recovery capabilities.
24x7x365 Monitoring
BankOpen employs proprietary and industry-standard tools to monitor application, software, and infrastructure performance.
Data Center Redundancy
BankOpen employs redundant failover systems to mitigate the impact of single points of failure, ensuring uninterrupted service continuity.
Disaster Recovery
BankOpen maintains comprehensive data recovery procedures and robust application code backup strategies to ensure rapid restoration in the event of a data loss incident. Our point-in-time recovery capability allows us to restore data to any specific point within the last 35 days, minimizing downtime and business disruption.
Data Privacy and Data Access
Restricted access to databases and data storage
Access to databases and data storage systems is strictly controlled and restricted to authorized executives within the organization.
No local or on-premises storage of data
BankOpen utilizes Amazon AWS cloud infrastructure, with each environment operating within its own private network. We do not store customer information on any local or on-premises infrastructure, including development and testing environments.
Privacy Policy
Please refer to our privacy policy here: https://open.money/privacy
PRODUCT SECURITY
- Role Based Access Control
- Audit Logging
- Data Security
- Single Sign-on
- Team Management
REPORTS
- Compliance Reports
- Vulnerability Assessment and Pen testing Reports
- Application Security Reports
- Source Code and SCA Reports
- Configuration Assessment Reports
DATA SECURITY
- Access Monitoring
- Backups
- Encryption-at-rest
- Encryption-in-transit
- Physical Security
APP SECURITY
- DAST and SAST Analysis
- Software Development Lifecycle
- Vulnerability & Patch Management
- API Security
- Application Performance Monitoring (NOC)
ACCESS CONTROL
- Data Access
- Logging
- Password Security
INFRA SECURITY
- WAF
- AWS Security Services
- BCP/DR
- Infrastructure Security
- Attack Surface Management
ENDPOINT SECURITY
- Disk Encryption
- Endpoint DLP
- Mobile Device Management
- Endpoint Detection & Response
NETWORK SECURITY
- Firewall
- Spoofing Protection
- Traffic Filtering
- Network Segregation
- DNS Filtering
- Threat Detection
ORG SECURITY
- Email Protection (PAB)
- Employee Training and awareness
- Incident Response (SOC)
- Brand Monitoring
- Single Sign-on
POLICIES
- Business Continuity Policy
- Data Security Policy
- ISMS Policy
- Incident Response Policy
- Other Policies
Note: Reports/Certificates/Evidence can be provided on request.