Baringa has various technical safeguards in place to protect the confidentiality, integrity and availability of client data. These controls are summarised below; this is not an exhaustive list.
Encryption
Baringa encrypts client data at rest and in transit by using industry standard encryption.
Encryption key management is in place and involves regular rotation of encryption keys. Baringa logically separates encryption keys from client data.
Access Controls
All Baringa employees have a unique user ID and password, as well as multi-factor authentication, to be able to access Baringa systems. Access is via a secure VPN. Additional training is provided to users who are given privileged access levels. Access reviews are performed at least quarterly for privileged access.
Endpoint Controls
For all access to the cloud environment or Baringa systems, employees are issued with dedicated Baringa laptop devices which utilise security controls that include, but are not limited to: disk encryption, endpoint detection and response (EDR) tools to monitor and alert on suspicious activities, and malicious code remediation and vulnerability management.
Hardening
Baringa systems are hardened using industry best practices to protect them from vulnerabilities, including changing default passwords, removing unnecessary software, disabling or removing unnecessary services, and regular patching as described in this Security Addendum.
Firewalls / Security Groups
Baringa protects its cloud environment using industry standard firewalls or security groups with deny-all default policies to prevent egress and ingress network traffic over protocols other than those that are required by the business.
Monitoring and Logging
Monitoring tools or services, such as host-based intrusion detection tools, are utilised to log certain activities and changes within the Cloud Environment. These logs are further monitored, analysed for anomalies, and are securely stored to prevent tampering for at least one year.
Penetration Testing
Baringa performs an annual penetration test by an accredited penetration testing company. Any new applications/systems will be penetration tested during development.
Secure Disposal
Baringa has appropriate measures in place to securely dispose of its equipment via an accredited third-party supplier.
Vulnerability Detection & Management
Antivirus and anti-malware software is updated at regular intervals. Detection tools monitor and provide alerts for suspicious activity, potential malware, and viruses.
Vulnerability scans are performed within the environment to determine potential vulnerabilities in accordance with current security operating procedures, which will be at least quarterly. When software vulnerabilities are revealed and addressed by a vendor patch, the patch will be obtained from the applicable vendor and applied within an appropriate risk-based timeframe in accordance with the current vulnerability management and security patch management standard operating procedure and only after such patch is tested and determined to be safe for installation in production systems.