Security Statement
We have always placed your security first at OneBanc. We go above and beyond to provide a best-in-class member experience, utilizing a dedicated security team responsible for protecting against, detecting, and mitigating threats to our application.
  • Privacy Practices
    We do not sell your personal information to or share it with unaffiliated third parties for their own advertising or marketing purposes without your explicit consent.
    Check out our Privacy Policy for more information.
  • Our Infrastructure
    OneBanc is hosted at the NTT Data Center in Noida, India, which provides a secure and scalable platform so that we can deliver our services to you securely and reliably.
  • Perimeter Security
    We have deployed a Defence in Depth architecture using a network firewall, web application firewall, DDoS protection layer, and a content delivery network. We have a 3-tier architecture which incorporates best practices from various standards and certifications. We have strict network segmentation and isolation of environments and services in place.
  • Host Security
    We use industry-leading solutions for anti-virus, anti-malware, intrusion prevention, intrusion detection, file integrity monitoring, application control, application and audit log aggregation, and automated patching.
  • Data Security
    We employ separation of environments and segregation of duties, and have strict role-based access control on a documented, authorized, need-to-use basis. We use key management services to restrict access to data to the data team. Stored data is protected by encryption at rest, and sensitive data by application-level encryption. We use data replication for data resiliency, snapshotting for data durability, and backup/restore testing for data reliability.
  • Incident and Change Management
    We have deployed mature change management processes, which enable us to release thoroughly tested features reliably and securely, so that you can enjoy the OneBanc experience with maximum assurance. We take a very aggressive stance on incident management, covering both system downtime and security, and have a Network Operations Centre and an Information Security Management System in place that quickly react to, remediate, or escalate any incidents arising out of planned or unplanned changes.
  • Vulnerability Assessment and Penetration Testing
    We have an in-house network security team which uses industry-leading products to conduct manual and automated VA/PT activities. We employ both static application security testing and dynamic application security testing, which are incorporated into our continuous integration / continuous deployment pipeline. We also leverage CERT-IN certified auditors to do periodic external security testing and audits.
  • Standards and Certifications
    We are an ISO 27001:2013 certified company and have implemented required Information Systems Management System policies and procedures to maintain industry standard best practices and applicable controls.
  • GDPR Compliance
    The OneBanc team worked hard and developed new features that helped us become GDPR-compliant. We have incorporated all the necessary controls and procedures for personal data processing security derived from the GDPR into our systems. You can find more information about the data we collect and how we do it in our Privacy Policy. Our clients can also review the Data Processing Addendum.
  • Changes to statement
    OneBanc reserves the right to change this Security Statement at any time. If we decide to change it, we will post these changes on this page so that you are always aware of how we ensure the security of your data. All changes are effective immediately upon posting.
  • Contact
    If you have any questions about our data security, please contact us at any time via email: compliance@onebanc.ai.
Last reviewed by Compliance Head on 15 July, 2022