Security Feature

The GRC platform has been designed with a security-first approach to ensure the confidentiality, integrity, and availability of user data. Recognizing the growing sophistication of cyber threats and the importance of trust in digital platforms, our platform integrates a comprehensive set of security controls aimed at safeguarding sensitive information, mitigating risks, and preventing unauthorized activities.

The in-house platform has integrated a robust set of security features to safeguard user data, prevent unauthorized access, and protect against fraudulent activities. Below is a comprehensive overview of the security features across various areas:

Multi-Factor Authentication (MFA)

Overview: To ensure that users are who they claim to be, multi-factor authentication (MFA) is implemented for all sign-ins.

Two Verification Methods: When users sign into any of the offerings, the system verifies their identity using at least two different factors. These may include recognizing devices or locations, as well as requiring the user to enter a one-time code sent to them. This provides an extra layer of protection beyond just a username and password.

Data Encryption (Stored Data)

Overview: All sensitive user data is encrypted while stored in the system.

Encryption Process: Data is converted into a secure code that only the platform can decrypt, ensuring that unauthorized parties cannot read or access the data. This encryption mechanism guarantees that only authorized individuals (the user and platform) have access to sensitive information, even if attackers gain access to the storage system.

Proactive Fraud Monitoring and Alerts

Overview: The platform actively monitors for potential scams and fraud.

Scam Prevention: The platform regularly provides security notices, which include information about common fake emails and scams targeting users, along with actionable advice on how to avoid falling victim to these frauds.

Fraud Detection: In addition to scanning for external threats, the platform’s security team is always on the lookout for any fraudulent activities that could potentially affect users, ensuring a high level of security awareness.

Centralized Account Management

Overview: Users can manage all their interactions with the platform from a single account.

One Account, Multiple Offerings: Whether using one or multiple dbace services, users can sign in using a single dbace Account. This centralized account system ensures that all personal data is stored securely in one location and allows users to easily control their security settings.

Security Settings: The user can manage and adjust their security settings from a single, convenient interface.

Ongoing Security Advancements

Overview: Security is an evolving concern, and the platform constantly improves its security measures.

Continuous Testing: The platform is always testing and refining its cybersecurity strategies to stay ahead of emerging threats. Collaborations with security researchers globally help ensure the platform is adopting the latest practices and technologies.

Adaptability: As technology evolves, so does the platform’s security, maintaining robust protection for users.

Storage Repository

Overview: The platform utilizes Cloud Storage for storing documents and other files.

Scalable and Cost-effective: Cloud Storage provides a flexible, cost-effective, and scalable solution for storing various data types, from documents to backups.

Role-Based Access Control: Access to the files is restricted via role-based access control (RBAC), ensuring only authorized individuals or systems can access sensitive documents.

Multitenant Implementation

Overview: The platform uses a multitenant architecture for its web portal, ensuring proper isolation between tenants (users).

Tenant Isolation: Strong separation between tenants is maintained, ensuring no unauthorized access to data across different customer accounts.

Continuous Monitoring: Regular monitoring and auditing of the multitenant system prevent potential data breaches and unauthorized access.

Security Testing Using OWASP

Overview: The platform regularly performs security assessments to ensure vulnerabilities are identified and mitigated.

Penetration Testing: The platform conducts penetration testing to actively identify weaknesses and test the resilience of its security systems.

Automated Vulnerability Scanning: Automated security tools scan for known vulnerabilities in the platform’s web application and frameworks, minimizing security risks by promptly addressing identified weaknesses.

Role Segregation and User Access Control

Overview: The platform enforces strict role-based access control to ensure that users can only access what they are authorized to.

Admin Users: Admins have elevated privileges to manage systems, access sensitive data, and adjust security settings. Proper management of these admin roles is crucial for minimizing risks.

Auditor Role: A dedicated auditor role ensures accountability and transparency by regularly reviewing sensitive data and processes. This role helps maintain trust and supports compliance with regulatory obligations.

General User Role: General users have limited access, typically restricted to viewing or interacting with non-sensitive data. They are not authorized to access sensitive configurations or administrative features.

Compliance and Regulatory Framework

Overview: The platform ensures that its security practices align with industry standards and regulatory requirements.

Audit and Reporting: Regular audits ensure that the platform adheres to compliance standards and provides transparency in its security practices.

Regulatory Compliance: The platform’s security features are designed to meet global data protection standards, ensuring that customer data is handled in accordance with legal and regulatory requirements.