BI.ZONE LLC (hereinafter referred to as BI.ZONE) is committed to protecting your privacy and takes its responsibilities regarding the security of information being handled very seriously.
This Cyber Security Policy explains the measures we apply to protect your data on the Def.Zone Cloud Cybersecurity Services Platform (hereinafter referred to as Def.Zone) and for the company as a whole.
Basics Cybersecurity Principles
At BI.ZONE, the core principle of the cybersecurity management process is continuous improvement, consisting of the following stages:
- Planning. We regularly assess BI.ZONE's cybersecurity risks and, based on the results of this assessment, plan the necessary protective measures.
- Execution. We use our protection system to neutralise cybersecurity risks that have been identified as relevant to the company.
- Audit. We regularly test and review our security system.
- Improvement. We continuously improve our protection system.
Our Security Team
To ensure best quality services, we dedicate our best BI.ZONE experts with outstanding qualifications.
Their professionalism is evidenced by the following certificates:
In ensuring cybersecurity, we are guided by the requirements of Russian legislation, as well as global best practices and industry standards on cybersecurity.
All issues related to cybersecurity are handled by a dedicated cybersecurity task team which engages in the following activities on a regular basis:
- Cybersecurity risk analysis. In order to effectively manage cybersecurity and make decisions regarding its measures and implementation, BI.ZONE has adopted a process to manage cybersecurity risks. The main objectives of this process are: to identify the vulnerabilities and threats to company assets, and the probability of them being exploited; to assess the current level of risks and to develop a risk mitigation plan.
- Cybersecurity incident management. In order to minimise possible damage from cybersecurity incidents, BI.ZONE has implemented a process for identifying, responding (countering attacks in real time), resolving and analysing the causes of cybersecurity incidents.
- Raising awareness in the field of cybersecurity. We regularly educate and test our employees on the rules of working with confidential information as well as on basic rules of cyber hygiene.
- Access control. We regularly monitor all users who have access to confidential information on the Def.Zone platform and also use roles delimit access to certain certain information. Thus, a Def.Zone user sees only the information that they actually need. We keep records and control of our employees who have access to confidential information on the Def.Zone platform.
- Network security and application protection. All data transmitted between you and Def.Zone is strictly encrypted. In order to protect Def.Zone from malicious activities, computer viruses, Trojans and other malicious software, we use continuous antivirus protection tools as well as several firewall solutions that fully cover the infrastructure of BI.ZONE.
- Ensuring cybersecurity at all stages of the life cycle. Our cybersecurity service monitors all upgrades of the Def.Zone platform, thereby minimising the risk of vulnerabilities and errors. We also test and update all components of the Def.Zone platform on a regular basis.
- Business continuity management. BI.ZONE has implemented business continuity management processes, thus ensuring a high level of service availability. All data of the Def.Zone platform are backed up frequently. Data backups are stored in a specialised geographically dispersed system.
- Monitoring of cybersecurity events. All cybersecurity events occurring on the Def.Zone platform are analysed 24/7 by the Def.Zone's own Security Operations Centre (SOC). SOC processes are certified in accordance with the international standard ISO 27001:2013.
- Cybersecurity Audit. We perform automatic vulnerability scanning procedures on an ongoing basis. We also conduct regular internal and external (involving independent teams) cybersecurity audits and penetration tests on the Def.Zone platform. Penetration testing is carried out by a team of specialists certified in accordance with the international standard CREST.
- Physical security. All confidential information of the Def.Zone platform is stored in its own secure data processing centres (DPC) located in Russian, which meet the requirements of industry security standards. Access to premises with information systems processing personal data is restricted and regularly monitored by the security services.
BI.ZONE may make changes to the current Cybersecurity Policy without prior notice. Any changes will take effect from the moment they are published.
We will be happy to answer any questions you may have. You can write to us at email@example.com.