Security Policy

At White Bull, we are committed to maintaining the highest standards of security to protect the confidentiality, integrity, and availability of your financial data. This Security Policy outlines our commitment to safeguarding your information and provides guidelines for maintaining a secure online environment.

Physical Security Measures at Our Premises

  • Biometric Access Control : Our premises are equipped with advanced biometric scanners to regulate access. Only individuals with proper authorization are granted entry, ensuring strict access control.
  • Restricted Access Authorization : Access to our Premises and the data processing center is strictly limited to authorized personnel, adding an extra layer of security to our physical locations.
  • Data Processing Center Security : Within our data processing center, we maintain a “no physical documents, books, or external devices” policy. This stringent measure helps prevent data contamination and unauthorized access.
  • CCTV Surveillance : We maintain constant surveillance of our premises using a comprehensive Closed-Circuit Television (CCTV) system. This surveillance enhances our ability to detect and respond to any unauthorized activities.
  • Prohibition on Physical/Removable Drives : Our personnel strictly adhere to a no-physical/removable drive policy, including external hard drives, within our secure premises. This policy mitigates potential security vulnerabilities.
  • Secure Personal Belongings : Staff is required to secure personal belongings, such as bags, books, and mobile devices, in designated lockers located outside the main data processing center. This clear demarcation helps reduce security risks.

Non-Physical Server Security Controls

  • ISO 27001 ISMS Certification : We proudly hold ISO 27001 Information Security Management System (ISMS) certification, demonstrating our unwavering commitment to information security best practices.
  • Third-Party Service Providers : We utilize renowned technologies and platforms such as Google, Amazon, UiPath, and Acronis, which may involve servers distributed worldwide. While we take stringent measures to protect your data, we cannot be held liable for third-party breaches. We employ two-step authentication where feasible for cloud-based services.
  • NextGEN Firewall : All our delivery centers are fortified with NextGEN Firewall technology, encompassing intrusion prevention, web filtering, zero-day protection, and sandboxing, to fortify our network security.
  • Controlled Email Access : Our staff cannot access personal emails from the office, and stringent measures are in place to prevent work email data from leaving the premises.
  • IP Authentication and Password Policies : Our intranet, internal portals, software, and sites employ IP authentication, ensuring access solely from within our office premises. Internal software is password-protected, with password strength requirements and periodic updates
  • IP Auto-Lock Feature  :  All PCs within our organization are equipped with an auto-lock feature to prevent unauthorized access due to unlocked computers.
  • Information Sharing Guidelines : Staff are instructed not to share information outside the organization. When internal sharing is necessary, it should be strictly related to work tasks
  • Wireless Restrictions  :  The use of personal device wireless connections is strictly prohibited within our secure environment.
  • Remote Work Best Practices :  While we allow remote work on occasion, staff exclusively use office-provided computer systems and connect via VPN to access our servers, maintaining the highest level of security.

Awareness & Training

  • Confidentiality and Security Protocol : All employees are required to adhere to our security protocol and sign a confidentiality agreement, safeguarding data, client information, and business insights.
  • Breach Reporting Duty : Every team member is entrusted with the responsibility to promptly report any breaches they encounter. Immediate reporting enables swift and appropriate action to mitigate risks.
  • Information Sharing Guidelines : Staff are instructed not to share information outside the organization. When internal sharing is necessary, it should be strictly related to work tasks
  • Cyber Security Awareness : We deliver ongoing Cyber Security Awareness initiatives via email to foster a culture of cyber vigilance and promote best practices.