Security Overview

At Banfico, security is built into the design and operation of our services. Our platforms are hosted in a secure cloud environment and protected through a layered security approach that combines infrastructure, application, and operational controls.
We apply industry best practices such as encryption of data in transit and at rest, strict access control based on least privilege and multi-factor authentication, and continuous monitoring of systems and activities. Security controls are embedded across the development lifecycle, supported by regular vulnerability assessments and timely remediation processes.
Our environment is monitored to detect and respond to potential threats, and all access and activities are logged to ensure traceability and accountability. We continuously review and improve our security posture to address evolving risks and regulatory expectations.

ISO 27001

We follow an information security management framework aligned with ISO 27001 standards. Our controls are designed to protect the confidentiality, integrity, and availability of data, supported by regular risk assessments, internal controls, and continuous improvement processes.

Cyber Essentials

We implement baseline cybersecurity controls aligned with Cyber Essentials principles to protect against common cyber threats. This includes secure configuration, access control, malware protection, and vulnerability management across our systems and endpoints.

GDPR

We process personal data in accordance with the General Data Protection Regulation (GDPR). This includes applying data minimisation, purpose limitation, and appropriate technical and organisational measures to ensure the protection of personal data.

CSA STAR Level 1

We maintain transparency over our cloud security practices through the CSA STAR Level 1 self-assessment. This demonstrates our alignment with industry-recognised cloud security controls and provides visibility into how we manage risks in our cloud environment.