Security Measures

We care about the security of your data

This document summarizes the measures taken by BePark to ensure the security of our clients’ data.

 

Data center and network security

Physical security

 

Facilities

BePark servers are hosted on AWS at SOC 2 Type II- and ISO 27001-compliant facilities located within the borders of the European Union. In addition, the data center facilities are powered by redundant power supplies, each with UPS and backup generators. Applications, databases, and services are deployed on dedicated bare-metal servers. BePark therefore has exclusive use of its servers, which allows for enhanced performance and security. Furthermore, hosting providers have no access to customer data.

On-site security

Our data center facilities are secured with a perimeter of multi-level security zones, 24/7 manned security, and CCTV video surveillance. In addition, they're secured via multifactor identification with biometric access control, physical locks, and security breach alarms.

Monitoring

An automatic monitoring system is in place to continuously check the state of the services, sending alerts to the appropriate personnel at BePark when necessary. Physical security, power, and internet connectivity are monitored by the facilities providers.

 

Network Security

 

Protection

Our network is protected by redundant firewalls, secure HTTPS transport over public networks, regular audits, and Intrusion Detection Systems (IDS) which monitor and/or block malicious traffic and network attacks.

Architecture

Our network security architecture consists of multiple security zones. More sensitive systems, like database servers, are protected in our most trusted zones, which are not accessible from the internet. Data transferred between BePark servers uses a private network.

Network vulnerability scanning

Network security scanning gives us deep insight for quick identification of out-of-compliance or potentially vulnerable systems.

Third-party penetration tests

In addition to our extensive internal scanning and testing program, penetration tests are performed on a yearly basis.

Logical access

Access to the BePark production network is restricted on an explicit need-to-know basis, applying least privilege. It is audited and monitored frequently, and controlled by our Management Team. Employees accessing the BePark production servers are required to use multiple factors of authentication.

Security incident response

In case of a system alert, events are escalated to our 24/7 teams. Employees are trained on security incident response processes, including communication channels and escalation paths.

 

Encryption

 

Encryption in transit

Communications between you and BePark servers are encrypted via industry best practices: HTTPS and Transport Layer Security (TLS) over public networks. Qualys SSL Labs has given our servers an A rating.

Encryption at rest

The hard disks of all servers are encrypted.

 

Availability & Continuity

 

Redundancy

BePark employs service clustering and network redundancies to eliminate single points of failure. Our strict backup regime ensures customer data is actively replicated across geographically distinct data centers.

Disaster recovery

Our Disaster Recovery (DR) program ensures that our services remain available or are easily recoverable in the case of a disaster. This is accomplished by building a robust technical environment and creating disaster recovery plans that are continuously updated and tested.

 

Application security

Secure development

 

Security training

Engineers participate in secure code training covering OWASP Top 10 security flaws, common attack vectors, and BePark security controls.

QA

Our dedicated QA engineers test all software developments using automated and manual tests before roll-out to production.

Separate environments

Testing and staging environments are separated both physically and logically from the production environment.

Patches

Systems are updated and patched on every release. Releases are pushed every 4 weeks at BePark or on an ad-hoc basis if business continuity requires it.

 

Application vulnerabilities

 

Static code analysis

The source code repositories are continuously scanned for security issues via our integrated static analysis tool.

Security penetration testing

Application security is also part of the annual penetration tests conducted by third-party experts.

 

Product security features

Authentication security

 

Authentication options

BePark offers two authentication options: username-password or SSO via SAML. The aim is to make BePark compatible with most SSO portals. APIs and remote systems can also connect using OAuth 2.0.

Secure credential storage

When it comes to secure credential storage, BePark follows best practices: passwords are never stored in a human-readable format, and are stored only after a secure, salted, one-way hash.

API security & authentication

The BePark API is SSL-only. You must be a verified user to make API requests. API access and authentication are possible via OAuth 2.0 protocols.

 

Additional product security features

 

Access rights & roles

Access to data within BePark is governed by access rights and can be configured to define granular access privileges. BePark has various permission levels for users (e.g. Admin, Reception, Security, Assistants, etc.).

Transmission security

All communications with BePark servers are encrypted using industry standard HTTPS over public networks. This ensures that all traffic between you and BePark remains secure during transit.

Data segregation

Logical segmentation of customer data is enforced at code level.

Data retention

Data retention

Audit trail

Audit trails including time of change and user responsible for the change are in place on critical objects.

Subprocessors

BePark carefully selects its third-party data subprocessors and reviews them regularly. All such processors are contractually bound by BePark to keep customer data confidential.

 

Compliance certifications, memberships, and external assessments

 

GDPR

BePark is in full GDPR compliance.

SecurityScorecard

SecurityScorecard is an information security company that collects, attributes, and scores the overall health of enterprise cybersecurity through the identification of exposed vulnerabilities on corporate digital assets discovered on the public internet. BePark's score is A.

Level A

Our API and application endpoints are TLS/SSL-only and score an A rating in Qualys SSL Labs tests. This means communications between you and BePark servers are encrypted via industry best practices: HTTPS and Transport Layer Security (TLS) over public networks.

 

Additional security methodologies

Policies

BePark has developed a comprehensive set of security policies covering a range of topics. These policies are shared with, and made available to, all employees and contractors with access to BePark information assets.

Background checks

BePark performs background checks on all new employees in accordance with local laws. Criminal background checks are a part of these employee background checks. All newly hired employees are screened through the hiring process and required to sign Non-Disclosure and Confidentiality Agreements.