Information Security

Security Commitment

Information security is fundamental to our operations. We implement comprehensive security controls protecting client data, systems, and intellectual property.

Security Framework

Our security program aligns with industry standards, including:

  • ISO 27001 principles
  • NIST Cybersecurity Framework
  • CIS Controls
  • UK NCSC Cyber Essentials guidance
  • OWASP security practices

Technical Controls

Encryption

  • Data encrypted in transit using TLS 1.2 or higher
  • Data encrypted at rest using AES-256 or equivalent
  • Key management using industry-standard practices
  • Certificate management and rotation

Access Controls

  • Role-based access control (RBAC)
  • Principle of least privilege
  • Multi-factor authentication (MFA) for sensitive systems
  • Strong password policies
  • Regular access reviews and deprovisioning

Network Security

  • Firewalls and network segmentation
  • Virtual Private Networks (VPNs) for remote access
  • Intrusion detection and prevention systems
  • DDoS protection
  • Regular vulnerability scanning

Incident Response

We maintain a comprehensive incident response program:

  • 24/7 incident detection and response capability
  • Defined escalation procedures
  • Forensic investigation capabilities
  • Communication protocols
  • Post-incident reviews and improvements

Contact

Security enquiries: security@bugni.io

Security incidents: security-incident@bugni.io

General compliance: compliance@bugni.io