Information Security

By Bits follows the principles of ISO 27001, an internationally recognised standard that defines how we manage our information security. To accomplish this, we use best-in-class security tools and practices to maintain a high level of security.

Key practices

Secure communication

By Bits forces HTTPS for all services using TLS (SSL), including our brochure site, API services and the Admin Console. By Bits's API services connect to By Bits's servers over TLS and verify TLS certificates on each connection.

Data encryption

We operate stringent database requirements which ensure your data is encrypted at rest with AES-256 encryption or better.

Availability

Our infrastructure runs on systems that are fault tolerant to ensure availability, including storing data redundantly in multiple locations in our hosting provider's data centres.

Logging

By Bits maintains continual operational system audit logs which contain information pertaining to security, monitoring, availability, access and other metrics about the By Bits services.

Incident management

In the event of a security breach, By Bits has incident management policies and procedures in place to ensure it is resolved effectively.

Our information security management policy

We maintain an Information Security Management System that's designed to meet the requirements of ISO 27001 in pursuit of our primary objectives in the context of the organisation. It provides a framework for setting, monitoring, reviewing and achieving our objectives, programmes and targets.

The scope of this policy relates to the use of computer systems and databases operated by us as part of our business. It also relates (where appropriate) to external risk sources, including from any functions which are outsourced.

It's our policy to:

  • Make the details of our Information Security Management System (ISMS) known to all other interested parties where appropriate.
  • Comply with all legal requirements, codes of practice and all other requirements applicable to our activities, including those of the General Data Protection Regulation (GDPR).
  • Ensure that our customers' data is stored securely, processed in a fair and transparent manner, and accessible to them whenever requested.
  • Provide equipment, trained and competent staff, and any other required resources to enable these objectives to be met.
  • Maintain a Business Management System (BMS) that will achieve these objectives and seek continual improvement in the effectiveness and performance of our ISMS.

To ensure that we continually improve as a company, our Business Management System is regularly reviewed by me and our management team to ensure that it remains appropriate and suitable to our business. The Business Management System is subject to both internal and external annual audits.

Callum Rimmer, CEO