Security
BMC SAAS places paramount importance on security, collaborating with several IT firms to safeguard all client information and data. We have a dedicated IT expert from their firm stationed at our office full-time. To ensure stringent quality control, we conduct regular training sessions and audits. Our internal auditors meticulously assess the efficiency and effectiveness of our procedures, making revisions as necessary. Additionally, our quality management system undergoes validation by third-party auditors to align with our business objectives.
We prioritize client data security and confidentiality at BMC SAAS. Since our inception in 2016, we are proud to report zero data breaches.
BMC SAAS security guidelines:
-
Data access is restricted to authorized users only
-
All methods of data transfers to external sources are controlled
-
Removable storage devices like pen drives, smart phones, etc are blocked on workstations
-
Access to Internet sites (email, ftp, online storage etc) is blocked by use of industry class firewall device
-
All workstations are protected by enterprise level Antivirus solution, which is continuously updated.
-
All operations areas are protected by magnetic door locking mechanism with access only to department members.
-
All main doors are manned by security officers with 24*7 CCTV camera monitoring
-
Users are periodically made aware of IT policies and security measures
Security Policy
Password Protection
-
Our password-protected logins restrict access to registered users only. User passwords are encrypted in our SQL database, and we maintain logs of all users accessing the system.
Non-Disclosure / Confidentiality Agreements
-
All employees sign non-disclosure and confidentiality agreements. They are bound by these agreements and are prohibited from sharing information from engagements with anyone, including co-employees, unless it is related to the preparation of the engagement. Information sharing between preparers and reviewers is only allowed through their direct supervisors.
Secure Service Centers for Financial Services Outsourcing
-
We implement a comprehensive service center security policy to ensure secure financial services outsourcing. Our security measures include:
-
Restricted physical access to processing and server environments.
-
A paperless system to prevent data removal from the facility.
-
Virtually restricted internet access on operational computers, with data retrieval and transmission supervised by the project manager. Computers without media drives ensure files cannot be copied, and Outlook is removed from all PCs.
Physical Security
-
A security guard is present at the entrance.
-
Access to the server room requires an access card and is restricted to dedicated employees assigned to outsourced activities.
-
Returns are prepared in a paperless environment, with no source documents, accounting data, or tax returns printed.
-
Printers are limited to producing management reports only.
Personal Belongings
-
Briefcases, bags, and other personal belongings are not allowed in the service center.
-
There are no removable media devices, and PCs do not have floppy drives or CD/DVD R/W drives.
Our stringent security measures ensure the highest level of protection for your financial data. If you have any questions or concerns about our data security policies, please feel free to contact us.
Security Tools
Security measures are integral to BMC SAAS's commitment to safeguarding client information, maintaining operational integrity, and upholding the highest standards of data security and privacy.
Boundary firewall & gateways
Implemented to control and monitor incoming and outgoing network traffic, ensuring unauthorized access is prevented at the network perimeter.
Secure configuration
Ensures that all systems and devices are configured securely according to best practices and security standards to minimize vulnerabilities.
Access control
Strict measures are in place to manage and restrict access to systems, networks, and data based on user roles and permissions, enhancing overall security.
Malware protection
Utilizes robust software and protocols to detect, prevent, and remove malicious software threats such as viruses, ransomware, and spyware.
Patch management
Regular updates and patches are applied to systems, applications, and devices to address security vulnerabilities promptly and mitigate risks.