InfoSec & Compliance

Beyonity was developed with a security-focused approach that enables companies to process sensitive customer data in the cloud. For this reason, banks, insurance companies, and other regulated firms trust Beyonity.

Beyonity products run in high-security data centers

We can help you assess your information security and compliance

We have helped well-known large companies transition to processing sensitive personal data in the secure Beyonity Cloud. We understand your concerns and know how to address them from the perspective of information security and regulatory compliance.
“Whether you choose to establish your own assessment process or need guidance from us, we’ll actively support you in your risk assessment.”
Max Mustermann
Mattia Rüfenacht

Product security

Deleting data/files

Delete your dossiers without losing relevant data for ESG reporting & co.

Beyonity retains data on tenants/buyers, but this data no longer allows any conclusions to be drawn about the actual individuals. For this reason, you can process dossier data containing CID and learn from it over the long term, without leaving the data in the cloud for an unnecessarily long time.

Restrict the IP range from which your tenant can be accessed by using IP whitelisting. This prevents users outside your network infrastructure from logging in to Beyonity.

Integrate your own OpenID-based identity provider to centralize identity management and provide a seamless user experience for authentication.

Beyonity offers a wide range of authentication methods:

Password-based authentication
Users need at least a password to log into their client. This also applies to Beyonity employees.

Multi-factor authentication
In addition, users can enable two-factor authentication (2FA). 2FA is enforced for Beyonity employees. After each login, all users receive a bearer token.

API communication – HTTPS client authentication
Beyonity uses HTTPS for all communication to ensure confidentiality, authenticity, and integrity. It also improves data protection for applications and users utilizing the API. For APIs that support CORS (Cross-Origin Resource Sharing) or JSONP requests, it also ensures that the requests are not blocked as mixed content.

HTTP basic authentication
Beyonity webhooks can use HTTP, but do not contain sensitive information.

API access tokens
Integrations use API keys that users can generate (and rotate) themselves. Access tokens are suitable for applications where many users require access. They are secure and easy to handle from the end users’ perspective.

Encryption by default, at rest and in transit.

We encrypt data in transit between systems and at rest to ensure that only authorized roles and services with verified access to the encryption keys can access it.

With the launch of BeyonityHELLO, Beyonity conducts an annual penetration test through an independent firm to identify potential vulnerabilities and implement preventive measures.

The report and detailed assessment are provided upon request. The penetration tests are conducted in the second half of each year.

Beyonity’s formal guidelines outline the requirements for functions related to IT and technology: vulnerability management, system monitoring, and security monitoring.

Infrastructure security

Intruder detection
Beyonity uses an intrusion detection system to continuously monitor the corporate network and detect potential security breaches at an early stage.
The IT operations for Beyonity products are replicated in real time across multiple data centers. Alerts are configured to notify administrators if replication fails.
Beyonity restricts privileged access to encryption keys to authorized users who, as superadministrators, require emergency access.
Beyonity restricts privileged access to networks to authorized users who, as superadministrators, require emergency access. Software engineers do not have access to customer data.
Beyonity uses a log management tool to identify events that could potentially impact the company’s ability to achieve its security objectives.
Firewalls are essential for several reasons: They block unauthorized access, enforce access controls, detect and block suspicious activity, and provide an additional layer of defense against cyberattacks.
An intelligent backup mechanism has been implemented to enable a rapid disaster recovery process.

Organizational security

Business Continuity Planning
The Business Continuity Policy of Beyonity Switzerland GmbH ensures the establishment of objectives, plans, and procedures to minimize disruptions to core business activities. It encompasses all infrastructure and data within the scope of the company’s information security program and applies to management, employees, and suppliers. The policy underscores the importance of risk assessments, contingency plans, as well as data backup and recovery plans for maintaining business resilience.

The hiring process at Beyonity includes a comprehensive 3-part assessment for new employees. This includes the submission of a self-disclosure/resume, a series of interviews with at least six people, and a separate skills assessment. Reference checks and criminal record extracts are also part of the evaluation.

In addition, Beyonity conducts annual reviews of its employees, which also include updated criminal record extracts and a refresher on bank client secrecy provisions. All employees participate in annual data protection training, which is logged and confirmed by the employee.

Risk analysis plays a crucial role at Beyonity, as it enables the company to identify and proactively address potential issues that could affect its IT infrastructure. By conducting a thorough assessment, Beyonity can identify various threats—including structural, technical, human, and natural threats—and evaluate their potential risk.

Based on the analysis, appropriate risk management procedures are implemented. These include protective measures to reduce the likelihood of risks, mitigation measures to lessen the impact of disasters, recovery measures to restore systems and infrastructure, and contingency plans to guide actions in the event of incidents or disasters. Through IT risk analyses, Beyonity ensures the resilience and security of its IT environment.

 
  • A6.1 SAST Backend: Evidence of Static Application Security Testing (SAST) on the backend.
  • A6.1 SAST Frontend: Evidence of Static Application Security Testing (SAST) on the frontend.
  • Acceptable Use Policy – Roles and Responsibilities: Outlines roles and responsibilities for the acceptable use of company resources.
  • Access Onboarding and Offboarding Policy: Guidelines for granting and revoking access during the onboarding and termination of employees.
  • Access Review Sessions: Evidence of access review sessions to ensure appropriate access privileges.
  • Approved Tools Policy: List of approved tools and software for employee use.
  • Asset Inventory Confluence: Management and documentation of company assets using Confluence.
  • Security Breach Policy: Procedures to be followed in the event of a security breach or incident.
  • Business Continuity Policy: Objectives and procedures to ensure minimal disruption to core business activities in emergencies.
  • Code of Conduct Policy: Expected standards of behavior and ethical principles for employees.
  • Data Classification Policy: Guidelines for the classification and protection of sensitive data.
  • Disaster Recovery Policy: Strategies and procedures for restoring IT systems and operations following a disaster.
  • Encryption Policy: Requirements and guidelines for the encryption of sensitive data.
  • Information Security Policy: Principles and guidelines for managing information security.

Data and data protection

    EU-GDPR
    Beyonity operates in full compliance with the EU General Data Protection Regulation (EU GDPR) and ensures that all data processing activities comply with the principles and requirements of the regulation. We prioritize the protection of personal data, respect individual rights, implement appropriate security measures, conduct necessary assessments, and maintain documentation in accordance with the EU GDPR. Our commitment to data protection enables us to provide our customers and stakeholders with a trustworthy and compliant environment.

    Beyonity operates in full compliance with the revised Swiss Data Protection Act (revDSG) and ensures that all data processing activities comply with the principles and requirements of the regulation.

    We prioritize the protection of personal data, respect individual rights, implement appropriate security measures, conduct necessary assessments, and maintain documentation in accordance with the revDSG.

    Our commitment to data protection enables us to provide our customers and stakeholders with a trustworthy and compliant environment.

    Beyonity maintains a data classification policy to ensure the proper handling and protection of sensitive information. This policy establishes guidelines for categorizing data based on its level of confidentiality, so that appropriate security measures can be implemented.

    By classifying data, Beyonity can apply the necessary controls and safeguards, such as encryption or access restrictions, to protect sensitive information from unauthorized access or disclosure.

    The data classification policy reflects Beyonity’s commitment to data privacy and security, helping to mitigate risks and maintain the confidentiality, integrity, and availability of valuable data assets.

    Beyonity requires all customers to sign Data Processing Agreements (DPAs) to ensure the protection and proper handling of personal data. These agreements establish the responsibilities, obligations, and protective measures for the processing of customer data in accordance with applicable data protection laws, such as the EU General Data Protection Regulation (GDPR).

    By requiring DPAs, Beyonity establishes a clear understanding between the company and its customers regarding the handling, security, and confidentiality of personal data. This commitment to data protection helps build trust and transparency in the customer relationship and ensures that personal data is processed in a compliant and secure manner.

    Beyonity has implemented additional procedures to ensure the swift and effective handling of data breach notifications. In accordance with data protection regulations, such as the EU General Data Protection Regulation (GDPR), Beyonity has established processes for detecting, assessing, and reporting data breaches.

    These procedures enable the organization to respond quickly, notify the relevant authorities within the prescribed timeframe, and take appropriate measures to mitigate the impact of the breach on the rights and freedoms of individuals. By establishing robust data breach notification procedures, Beyonity demonstrates its commitment to transparency, accountability, and the protection of personal data. To date, Beyonity has not experienced a data breach.

    Beyonity is able to assist with data transfer agreements to ensure the secure and lawful transfer of personal data. In accordance with data protection regulations, such as the EU General Data Protection Regulation (GDPR), Beyonity recognizes the importance of protecting data when it is transferred outside the European Economic Area (EEA).

    Beyonity supports its customers with guidance and expertise in navigating the complexities of cross-border data transfers. The organization helps to assess the adequacy of data protection measures, implement appropriate safeguards, and establish legally binding agreements to protect personal data during international transfers. Beyonity’s expertise regarding data transfer agreements ensures compliance with regulations and promotes the secure exchange of data across borders.

    Beyonity pays close attention to the deletion of customer data and emphasizes the secure and permanent removal of customer data from its systems. Recognizing the importance of data privacy and individual rights, Beyonity employs robust processes and controls to ensure the proper deletion of customer data upon request or upon the expiration of the agreed retention period.

    By complying with data protection regulations, such as the EU General Data Protection Regulation (GDPR), even in non-EU countries, Beyonity ensures that customer data is handled with the utmost care and is deleted promptly and securely in accordance with legal requirements. This commitment to the deletion of customer data reflects Beyonity’s dedication to data privacy and customer trust.
