Bond's Information Security Management System (ISMS) employs numerous controls to ensure the security and safety of our platform. We modeled our systems and processes after NIST 800-53 requirements, including the following:

• Comprehensive, 24x7x365 Security Operations Center (SOC) for security event collection, correlation, monitoring and alerts
• Continuous vulnerability management and automated penetration testing
• Recurring manual penetration testing for all system components
• Peer reviews for all code, automated code scans of Bond's code as well as third-party libraries
• Mandatory, industry-standard encryption at all stages of transmission and storage
• Mandatory user controls, such as background checks, security and awareness training
• Centralized endpoint management
• Mandatory multi-factor authentication and Role-Based Access (RBAC)
• Tokenization of sensitive data elements
• Bond is PCI compliant and can provide validation documents upon request
• Bond's initial SOC2 review is underway. We expect certification in Q1 of 2021

Bond protects customer trust with well-engineered security protocols to ensure that banks, brands, and developers can take fintech into the future, securely.