
Security Framework

Last updated: December 5, 2024

VyBeing Technologies Ltd. is committed to protecting the security and integrity of customer data. This security framework outlines our comprehensive approach to information security.

1. Security Infrastructure

Cloud Infrastructure

  • Hosting: AWS and Google Cloud Platform with ISO 27001 and SOC 2 Type II certifications
  • Geographic Distribution: Multi-region distribution for redundancy
  • Network Security: VPC isolation, firewalls, DDoS protection
  • Load Balancing: Distributed traffic management and failover

2. Data Encryption

Encryption in Transit

  • TLS 1.3 for all data transmission
  • Perfect Forward Secrecy (PFS)
  • Strong cipher suites only
  • HSTS (HTTP Strict Transport Security)

Encryption at Rest

  • AES-256 encryption for all stored data
  • Encrypted database backups
  • Encrypted file storage
  • Secure key management (AWS KMS, Google Cloud KMS)

3. Access Controls

Authentication

  • Multi-factor authentication (MFA) required for all accounts
  • SSO integration (SAML, OAuth 2.0)
  • Password complexity requirements
  • Session expiration and management

Authorization

  • Role-Based Access Control (RBAC)
  • Principle of Least Privilege
  • Regular access reviews
  • Automated access provisioning/deprovisioning

4. Application Security

Secure Development

  • Security-focused development lifecycle
  • Code reviews and pair programming
  • Static and dynamic code analysis
  • Dependency vulnerability scanning
  • Regular security training for developers

Security Testing

  • Automated security tests in CI/CD pipeline
  • Annual third-party penetration testing
  • Vulnerability assessments
  • Bug bounty program

5. Monitoring and Detection

24/7 Security Monitoring

  • Real-time threat detection
  • Intrusion Detection Systems (IDS)
  • Security Information and Event Management (SIEM)
  • Automated alerting and response

Logging and Audit Trails

  • Comprehensive activity logging
  • Immutable audit logs
  • Logs retained for at least one year
  • Regular log analysis

6. Incident Response

Incident Response Plan

  • Documented incident response procedures
  • Dedicated security incident response team
  • 24/7 incident response capability
  • Regular incident response drills

Breach Response

  • Immediate containment and investigation
  • Notification to affected parties within 72 hours
  • Coordination with Israeli Privacy Protection Authority
  • Post-incident analysis and remediation

7. Business Continuity

Backup and Recovery

  • Automated daily backups
  • Encrypted backup storage
  • Multi-region backup replication
  • Regular recovery testing
  • RPO (Recovery Point Objective): 24 hours
  • RTO (Recovery Time Objective): 4 hours

Disaster Recovery

  • Documented disaster recovery plan
  • Failover capabilities
  • Annual disaster recovery drills
  • Business continuity insurance

8. Compliance and Certifications

Current Certifications

  • ISO 27001 (in progress)
  • SOC 2 Type II (planned for 2025)
  • GDPR Compliance
  • Israeli Protection of Privacy Law Compliance

Regular Audits

  • Annual third-party security audits
  • Quarterly internal security assessments
  • Continuous compliance monitoring

9. Vendor Security

Third-Party Risk Management

  • Security assessments for all vendors
  • Contractual security requirements
  • Regular vendor security reviews
  • Vendor access monitoring

10. Employee Security

Security Training

  • Mandatory security awareness training
  • Quarterly security updates
  • Phishing simulation exercises
  • Role-specific security training

Employee Policies

  • Confidentiality agreements
  • Acceptable use policy
  • Clean desk policy
  • Secure remote work guidelines

11. Physical Security

  • Secure office access controls
  • Visitor management
  • Secure destruction of physical media
  • Environmental controls (fire, flood protection)

12. Security Contact

To report security vulnerabilities or incidents:

Questions?

If you have any questions about this legal document, please contact us:

Email: [email protected]

Address: VyBeing Technologies Ltd., Tel Aviv, Israel
