1P360S | Security Policy
POWERED BY BLACKSYNC INC.
Security Policy
1. Introduction
We offer digital security products and services to businesses globally, providing practical solutions to their unique challenges. Our commitment to security is unwavering and is ingrained in every aspect of our organization, from our dedicated team to our robust processes and innovative products. This includes comprehensive measures for data security, operational security, and physical security, ensuring that our customers can trust us to safeguard their valuable data and operations.
2. Organizational security
Our organization prioritizes security by implementing an Information Security Management System (ISMS) that addresses our security objectives and the risks and mitigations involving all stakeholders. We enforce stringent policies and procedures to ensure customer data’s security, availability, processing, integrity, and confidentiality.
3. Employee background checks
Each employee undergoes a thorough background verification process. We engage reputable external agencies to conduct this check on our behalf and verify their criminal records, previous employment history, and educational background. Employees are assigned tasks that could pose a risk to our users only once this verification is complete.
4. Security awareness
Our employees are committed to upholding confidentiality, privacy, and security standards. Upon joining the company, each employee signs a confidentiality agreement and acceptable use policy, followed by comprehensive information security, privacy, and compliance training. We regularly assess their knowledge through tests and quizzes to identify areas for further training. In addition, we offer role-specific security training to address individual needs. Our internal community serves as a platform for ongoing education and updates on security practices. We foster a culture of awareness and innovation in security and privacy through regular check-ins and internal events.
5. Dedicated security and privacy teams
Our dedicated security and privacy teams work tirelessly to implement and manage our robust security and privacy programs. They are responsible for engineering and maintaining our sophisticated defense systems, developing thorough review processes for security, and continuously monitoring our networks to detect any suspicious activity. In addition, they offer specialized consulting services and guide our engineering teams.
6. Internal audit and compliance
Our dedicated compliance team meticulously reviews procedures and policies to ensure alignment with industry standards. We proactively identify and implement necessary controls, processes, and systems to meet these standards. Our team conducts regular internal audits and coordinates independent audits and assessments by third parties.
7. Endpoint security
All workstations provided to 1 Partner 360 Security's employees run the latest operating system and have anti-virus software installed. They are set up to adhere to our stringent security standards, which mandate proper configuration, regular updates, and monitoring through 1 Partner 360 Security's endpoint management solutions. These workstations are secure by default, employing data encryption, strong passwords, and automatic locking when idle. Additionally, mobile devices used for business purposes are enrolled in our mobile device management system to guarantee compliance with our security protocols.
8. At workplace
Using access cards, we regulate entry to our assets (such as buildings, infrastructure, and facilities). Various access cards are issued to employees, contractors, vendors, and visitors, each providing access tailored to their needs. Our Human Resources (HR) team defines and oversees access privileges based on individual roles. To ensure security, we meticulously monitor access logs to detect and resolve any irregularities.
9. At data centers
At Data Centers, we use a reputable co-location provider to oversee the building, cooling, power, and physical security while we are responsible for providing the servers and storage. Access to the Data Centers is limited to a select group of authorized personnel. Any additional access requires a formal request and is only granted with the approval of the respective managers. Furthermore, entry into the premises necessitates both two-factor and biometric authentication. Access logs, activity records, and camera footage are readily available in the event of an incident.
10. Monitoring
We closely oversee all entry and exit activities across our facilities and data centers using CCTV cameras in compliance with local regulations. We maintain backup footage for a specified duration based on location-specific needs.
11. Network security
Our comprehensive network security measures are meticulously designed to ensure robust protection. We fortify our network by implementing firewalls against unauthorized access and unwanted traffic. To safeguard sensitive data, we segment our systems into distinct networks. Our testing and development activities are hosted on a separate network, ensuring the integrity of our production infrastructure. Our vigilant approach includes regular firewall access monitoring and daily reviews by a network engineer.
Furthermore, we conduct biannual reviews to update and refine firewall rules. Our dedicated Network Operations Center team monitors our infrastructure and applications for irregularities or suspicious activities. Leveraging our proprietary tool, we continuously monitor vital parameters and promptly respond to any signs of abnormal or suspicious activities within our production environment.
12. Network redundancy
Rest assured that our platform is designed with redundancy in mind. Our distributed grid architecture ensures that even during a server failure, users can continue accessing their data and 1 Partner 360 Security services without interruption. Additionally, using multiple switches, routers, and security gateways guarantees device-level redundancy, eliminating single points of failure in the internal network.
13. DDoS prevention
We employ cutting-edge technologies from reputable service providers to safeguard our servers against DDoS attacks. These technologies provide robust DDoS mitigation capabilities, effectively thwarting disruptive bad traffic while ensuring seamless passage for legitimate traffic. This ensures that our websites, applications, and APIs remain consistently accessible and operate at peak performance.
14. Intrusion detection and prevention
Our intrusion detection mechanism monitors host-based signals on individual devices and network-based signals from designated monitoring points within our servers. Administrative access, use of privileged commands, and system calls across all servers within our production network are carefully logged. Rules and machine intelligence built upon this data provide security engineers with alerts regarding potential incidents.
We employ a proprietary Web Application Firewall (WAF) at the application layer, which functions according to both allowlist and blocklist criteria.

At the Internet Service Provider (ISP) level, a multi-layered security approach is enacted, incorporating scrubbing, network routing, rate limiting, and filtering to effectively mitigate attacks from the network layer to the application layer. This system ensures clean traffic, a reliable proxy service, and prompt reporting of any possible attacks.
15. Secure by design
We prioritize security and accountability in every aspect of our application development. Our change management policy ensures that all changes and new features are authorized before being implemented into production. Our Software Development Life Cycle (SDLC) mandates strict adherence to secure coding guidelines, and all code changes are thoroughly screened for potential security issues using code analyzer tools, vulnerability scanners, and manual review processes.
In addition, our robust security framework, based on OWASP standards and implemented in the application layer, provides strong defenses against threats such as SQL injection, cross-site scripting, and application-layer DoS attacks.
16. Data isolation
At our company, we take the security and privacy of your data very seriously. Our framework ensures that each customer’s data is kept separate and secure from other customers’ data. When you use our services, your data is stored on our servers and belongs to you, not us. We never share your data with any third party without your permission.
17. Encryption
Rest assured that all customer data transmitted to our servers over public networks is safeguarded using robust encryption protocols. We require all connections to our servers to use Transport Layer Security (TLS 1.2/1.3) encryption with strong ciphers, ensuring secure connections for web access, API access, mobile apps, and email client access. Our email services also employ opportunistic TLS by default for secure email delivery, preventing eavesdropping between mail servers. Our encrypted connections fully support Perfect Forward Secrecy (PFS), so that even if we were compromised in the future, no previous communication could be decrypted. Additionally, we have implemented the HTTP Strict Transport Security (HSTS) header for all web connections, ensuring that modern browsers only connect to us over an encrypted connection. Furthermore, we have flagged all our authentication cookies on the web as secure, further enhancing security measures.
Your data is in safe hands with us. We ensure that sensitive customer data at rest is encrypted using the industry-standard 256-bit Advanced Encryption Standard (AES). We own and manage the keys using our in-house Key Management Service (KMS) for added security. By encrypting the data encryption keys using master keys and physically separating and storing them in different servers with limited access, we provide additional layers of protection.
18. Data retention and disposal
We value your data and are committed to keeping it secure. When you stop using 1 Partner 360 Security services, your data will be removed from the active database during our regular clean-up, which takes place every three months. After this, the data will be deleted from backups within one month. If your account remains unpaid and inactive for 30 days, we may terminate it after providing you with prior notice and the option to back up your data.
To ensure the safe disposal of unusable devices, we entrust this task to verified and authorized vendors. The devices are securely stored until disposal, and the information they contain is thoroughly formatted. Failed hard drives are degaussed and then physically destroyed using a shredder. Failed Solid State Devices (SSDs) are crypto-erased and shredded for added security.
19. Single Sign-On (SSO)
We provide a seamless single sign-on (SSO) solution that allows users to conveniently access multiple services using a unified sign-in page and authentication credentials. Our integrated Identity and Access Management (IAM) service ensures that signing in to any 1 Partner 360 Security service is streamlined and secure. We fully support SAML for single sign-on, enabling customers to integrate their company’s identity provider, such as LDAP or ADFS, when accessing 1 Partner 360 Security services. SSO simplifies the login process, ensures compliance, offers effective access control and reporting, and minimizes the risk of password fatigue and weak passwords.
20. Multi-Factor authentication
Enhance your security with an additional layer of protection. By implementing multi-factor authentication, you can significantly lower the risk of unauthorized access, even if passwords are compromised. You can configure multi-factor authentication using any authenticator app, with modes such as biometric Touch ID or Face ID, push notification, QR code, and time-based OTP.
21. Administrative access
We take strict measures to ensure the security of user data. Our employees need proper authorization to access data. We follow the principle of least privilege and use role-based permissions to minimize the risk of data exposure.
Access to production environments is tightly controlled and authenticated using strong passwords, two-factor authentication, and passphrase-protected SSH keys. We also use a separate network with stringent rules and hardened devices for access. Additionally, all operations are logged and regularly audited for security purposes.
22. Logging and monitoring
We diligently gather and analyze data from various sources within our network, including device usage and internal traffic. This information is documented in event, audit, fault, administrator, and operator logs. Our automated monitoring and analysis processes help us detect unusual activities, such as unauthorized access attempts or irregular employee account behavior. To ensure security and accessibility, we store these logs on a secure server with restricted system access and centralized access control management. Customers can also access detailed audit logs for all update and delete operations in every 1 Partner 360 Security service.
23. Vulnerability management
We have a rigorous vulnerability management process, utilizing third-party scanning tools and our own technology to actively detect security threats. Our dedicated security team also closely monitors incoming security reports and regularly monitors public sources for potential security incidents. When a vulnerability is identified, it is promptly logged, prioritized based on severity, and assigned to a specific owner. We meticulously assess associated risks and diligently track the vulnerability until it is successfully addressed through system patching or the implementation of relevant controls.
24. Backup
We conduct daily incremental and weekly full backups of our databases, all stored in the same location and encrypted with the robust AES 256-bit algorithm. Our backup data is retained for three months, and if you ever need data recovery within this period, we'll restore your data securely. The restoration timeline depends on data size and complexity.
To safeguard our backed-up data, we use a redundant array of independent disks (RAID) in our backup servers. All backups are scheduled, tracked, and subject to automatic integrity and validation checks. In the event of a failure, we promptly initiate a re-run and fix the issue.

We recommend regularly scheduling data backups by exporting your data from the respective Blacksync services and storing it locally in your infrastructure to ensure its safety.
25. Disaster recovery and business continuity
Our application data is securely stored across replicated resilient storage in multiple data centers. Our primary data center replicates data in near real-time to our secondary center, ensuring seamless operations during a primary data center failure. Various ISPs provide robust connectivity support for both centers. Additionally, we have implemented power backup, temperature control, and fire-prevention systems to ensure business continuity. These measures, combined with redundant data and a comprehensive business continuity plan for our significant operations, demonstrate our commitment to resilience and uninterrupted service delivery.
Last revised
February 28, 2025