Continuous commitment across all stakeholders
The engagement of each and every stakeholder is crucial. Therefore, we share our guidelines below and urge all interested parties to follow them.
ebankIT guidelines and policies
The Information Security Management System is certified by ISO/IEC 27001:2013 within the scope of “Information security in the support cycle of software development” to preserve the confidentiality, integrity and availability of information through the application of a risk management process in order to give confidence to stakeholders that risks are managed properly.
ebankIT is appraised at CMMI V2.0 Level 2. The Capability Maturity Model Integration (CMMI) is a process optimization model, which provides organizations with the essential elements to efficiently manage software development projects.
ebankIT produces a SOC 2 report to describe the service organization’s system and a test of design of the service organization’s relevant controls that are in place to secure the service provided. Currently, ebankIT has a SOC 2 Type I report dated as of the 31st December, 2021. The current testing/observation period for its Type II report runs from 1st January to 31st December of 2022, and to date there have been no material changes to the system of internal controls.
Security and privacy are top priorities
The ebankIT platform is developed as an infrastructure that is continuously assessed to guarantee compliance with all applicable laws and regulations, applying financial industry standards and best practices assured by internal controls and external certification bodies.
Privacy and data protection
ebankIT implemented a Privacy Program to ensure all data entrusted to us is processed in accordance with the General Data Protection Regulation. ebankIT ensures that all our workflows are audited by data security and privacy assessments of the potential risks and vulnerabilities. ebankIT also conducts vendor risk assessments, working only with partners and third parties that ensure GDPR compliance.
ebankIT embeds security protocols in all stages of the software development lifecycle and infrastructure. This includes a set of internal control activities such as Control Environment, Risk Management and Monitoring, Logical and Physical Access Controls, Alerts and Incident Management, and Recovery Plans.
ebankIT identifies and treats relevant risks to achieve its objectives at different levels.
ebankIT uses a Data Loss Prevention service to avoid data leaks.
ebankIT sends information through SFTP channels, VPNs, and zip-encrypted information when risks are identified.
Logical and Physical Access controls are in place to avoid unauthorized access to confidential information.
ebankIT uses anonymized test data to ensure the full functionality of clients' software and protect their data confidentiality.
ebankIT annually requests an independent entity to identify and analyse vulnerabilities in ebankIT's infrastructure and systems.
Control policies and procedures are established and executed to ensure that the actions identified by management as necessary to address risks are effectively carried out.
ebankIT processes are monitored, and modifications are made as necessary. In this way, the system can react dynamically, changing as conditions warrant. Changes to the organization, business processes, assets, information processing facilities and systems that affect information security are registered and controlled according to the change management policy.
A Business Continuity and Disaster Recovery Plan has been defined and is periodically tested. It defines the main risks and the mitigation measures to be taken in case of failure. It establishes what the company must do if normal business activities cannot be carried out due to a disruption, such as the loss of technology, facilities, or a large proportion of employees.