Bond's Information Security Management System (ISMS) employs numerous controls to ensure the security and safety of our platform. We modeled our systems and processes after NIST 800-53 requirements, including the following:
- Comprehensive, 24x7x365 Security Operations Center (SOC) for security event collection, correlation, monitoring and alerts
- Continuous vulnerability management and automated penetration testing
- Recurring manual penetration testing for all system components
- Peer reviews for all code, and automated code scans of Bond's code as well as third-party libraries
- Mandatory, industry-standard encryption at all stages of transmission and storage
- Mandatory user controls, such as background checks and security and awareness training
- Centralized endpoint management
- Mandatory multi-factor authentication and Role-Based Access Control (RBAC)
- Tokenization of sensitive data elements
- Bond is PCI compliant and can provide validation documents upon request
- Bond's initial SOC 2 review is underway. We expect certification in Q1 of 2021.
Bond protects customer trust with well-engineered security protocols to ensure that banks, brands, and developers can take fintech into the future, securely.