Protecting and securing the information of our clients and our company is of critical importance to PBI. We recognize that all relationships with current and prospective clients are based upon integrity and trust, and we take our role as custodians of confidential information very seriously.
PBI uses a multi-layered approach to protecting data that includes, but is not limited to, the following: implementing secure development practices, including annual training for our IT team, real-time scanning of code changes for vulnerabilities, web application firewalls, n-tier application architecture, a required security awareness training program for all employees at onboarding and on a regular basis, data loss prevention tools to alert on and block transfers of sensitive data, and a consolidated SIEM solution that correlates alerts and events across multiple environments. PBI’s data security team manages this multi-layered security architecture by performing over 30 security reviews of quarterly audit checks to test compliance against security policies.
PBI’s formalized security program follows two industry-recognized security frameworks from the National Institute of Standards and Technology (NIST): NIST SP 800-53 and the NIST Cybersecurity Framework.
SOC 2 Audit and Third-Party Security Testing
PBI undergoes an annual SSAE 18 SOC 2, Type II audit, in which an independent third party audits our controls over data confidentiality, integrity, security, and availability.
PBI regularly uses third parties to test and audit our security controls. We conduct monthly and quarterly vulnerability assessments and penetration tests of PBI’s internal and external network and application security, and conduct annual application penetration tests.
Network Security
PBI’s network incorporates several layers of protection to harden both corporate and production environments, including 24/7 monitoring and alerts for critical events and failures, disabling unnecessary connections and services, regular OS and software patching, next-generation firewalls with intrusion prevention and intrusion detection software, anti-virus scanning, and a dedicated security event management system with 24/7 alerting.
PBI implements the security principle of least privilege access. Access to client information and PBI technology is based upon each PBI employee’s job function, restricted to a valid need-to-know basis, and used only as necessary to provide the authorized services. Additional access controls include multi-factor authentication and an intrusion detection protection program. User accounts and permissions are audited on a quarterly basis.
Data in transit across our network and data at rest in our databases are encrypted using advanced encryption standards. The security of our databases is tested on a quarterly basis.
Privacy
For more information regarding data privacy, please view PBI’s Privacy Principles and Privacy Policy.