Security & Protection Policies
Advanced Unified Telecommunication Establishment (Bevatel) takes care of information security policies. So we designed these policies to help our customers who use Bevatel systems and services to be aware and ensure the security and protection of their data and their customers' data used through the techniques provided by Bevatel solutions.
In the interest of Bevatel to deal with complete transparency regarding the security of its customer's data, we clarify all the policies and precautions that we take to ensure that all of their data and customer's data are of utmost safety and confidentiality.
All policies and mechanisms of Bevatel are subject to ISO standards and procedures for information protection security of ISO 27001, including complete protection of systems and applications through policies and procedures, protection of powers and control, ensuring business continuity, protecting human resources, protecting network infrastructure, security policies from third parties, management Vulnerability protection, and incident response.
Security & Protection Policies
Bevatel Security & Protection
Bevatel guarantees the security and protection of its data and its customers' data with a team of experts and specialists responsible for all protection and confidentiality policies and techniques that Bevatel takes towards itself and the users of its systems and solutions.
Human Resources Protection
Background checks and non-disclosure agreements
As permitted by local regulations, laws, and employment standards, all Bevatel employees undergo thorough screening before being hired. All Bevatel employees sign non-disclosure agreements for Bevatel or its customers' data before you allow them to access the company's systems or data.
Awareness and training
Bevatel is keen to regularly train and educate its new and existing employees on the Bevatel protection and confidentiality policies of Bevatel and its customer’s data because education and training is an essential component of a successful information security program for any organization. And without training and education, technical controls cannot protect customer data and maintain its confidentiality.
Bevatel trains all new employees on information security policies to educate them about their role and responsibilities in providing the necessary protection for the organization data and the data of its customers against internal threats, intrusion programs, systems and applications safe-use, social engineering and other technologies related to the data confidentiality protection.
Bevatel regularly trains its employees on updates regarding the policies and confidentiality of its data and that of its customers through training sessions, notices, and internal communications at least every two months.
Determine and manage Permissions and control
Bevatel follows a set of techniques and processes to grant permissions or revoke access to its systems and applications. Accessing Bevatel systems depends on two basic concepts: least-possible-privilege and need-to-know, to ensure that access to Bevatel systems and applications is compatible with the specific permissions and responsibilities of each individual.
Bevatel provides a unique identification code for each customer so that he can access Bevatel's systems and applications.
Bevatel has a corporate password policy compliant with the Basic Password Standards, which requires passwords to be changed every 90 days.
Bevatel's password policies stipulate a minimum word length of 10 characters without any separating spaces in addition to complexity requirements which include special characters, uppercase, and lowercase letters and numbers.
Bevatel enforces a multi-stage user identification policy, such as physical security keys and single sign-on solutions.
Bevatel reviews the authorizations periodically (at least every 3 months) to ensure that the powers and responsibilities are consistent with the employee's job role.
Bevatel utilizes a documented service termination process that includes defining responsibilities for gathering information assets and removing permissions and access rights of employees to Bevatel systems and applications when they leave the company.
The infrastructure of Bevatel Systems
Systems security and systems network environment
Amazon Web Services are our cloud infrastructure provider. AWS maintains an audited security program including ISO 27000, PCI, and SOC2, and some controls have been implemented, including the following:-
Backup power supplies
Control of temperature and humidity
Fire and haze detection alarm
Note: Bevatel doesn't host any customers' systems or products inside its offices.
Bevatel strives to provide the latest and the most secure standards and policies for its systems, applications, and customer's data with many essential procedures that Bevatel always takes into account.
Bevatel splits its system into separate networks to provide maximum security and protection for customer data and to separate public services from internal services.
Bevatel Allows sharing of customers' data only over its systems and networks.
Bevatel utilizes a range of security technologies, firewalls, intrusion detection systems, various security systems (IDS/IPS), and web application firewalls so that users can protect their customers' data with utmost accuracy.
Bevatel maintains configuration technology as a symbol of network security and firewall rules, and Bevatel provides notifications of any conflicts between configuration and system settings.
Overcoming various disasters and business continuity
Bevatel takes many measures and considerations to ensure business continuity and to overcome disasters and problems that may arise and negatively affect the services:-
Bevatel updates the disaster recovery plan at least once a year.
Bevatel systems and services rely on the availability of AWS Web Services in remote geographic areas to maintain service continuity even when one or more sites fail.
Bevatel aims to isolate and treat any problem that may affect its customers quickly and with utmost transparency. And in the event of technical issues, Bevatel maintains the status page.
Backup and recovery
Regular backups are made daily, hosted on Bevatel's data center infrastructure on AWS.
Backups are encrypted using AES 256 encryption, and backup restore testing is performed at least once annually.
Bevatel ensures that all customer data is encrypted while working and at rest using industry standards TLS 1.2 and AES-256, respectively.
Bevatel's engineering team uses the AWS KMS Key management service, and all keys are managed by our protection and security team centrally.
Where to maintain servers
Bevatel takes all security and protection standards and policies for its data and the customers' data. And even the preservation and protection of the servers that Bevatel utilizes.
Bevatel maintains its servers in Riyadh, Kingdom of Saudi Arabia, in the data centers of Etihad Atheeb Telecom Company and Zain Telecom.
How long to keep the calls
Advanced Unified Telecommunication Establishment (Bevatel) retains all customers' outgoing and incoming calls for 30 days from the date of making or receiving the call.
Subscribers to the Bevatel cloud call center service can request to keep outgoing and incoming calls during a specific period and for a certain period, and Bevatel will keep calls for the required period based on the customer’s request and with defined fees.
Bevatel utilizes tools to review and monitor records to identify any errors or irregularities, and if found, the Bevatel team will review, verify and apply the corrections.
Bevatel cloud call center system includes many users, and the customer data is separated logically.
Bevatel systems verify that the user is authorized to carry out a specific request or obtain certain data by authorating that the user's company is the same as the required data company.
Bevatel provides many security policies and procedures for the security of its application. And these policies include vulnerability management and detection, penetration testing, and change management.
Managing vulnerabilities and patches
Bevatel has established several functions to conduct periodic vulnerability checks for its systems and applications.
The results are processed into the Bevatel ticketing system and evaluated according to risk and priority, and then these results are added to the backlogs for resolving it.
All issues, patches, and modifications are categorized as high-risk issues. And they are resolved within 30 days at maximum.
Bevatel conducts penetration tests twice annually through third parties to conduct application-level tests.
Security threats and vulnerabilities are prioritized, detected, and resolved promptly.
Reports of penetration tests carried out by Bevatel are available upon request and signed under a confidentiality and non-disclosure agreement.
Bevatel has an official change management process to manage changes that may occur in the operating environment of Bevatel systems and applications, such as changes occurring to the essential Bevatel programs, applications, and platforms.
All changes that occurred in the Bevatel systems and applications to the code allocated by Bevatel to the different systems are subject to a code review by specialists to analyze security, performance, and the possibility of abuse.
Bevatel has specialists and technical experts to detect errors and identify changes, security flaws, and vulnerabilities in the systems, applications, and services that Bevatel provides to its customers.
Response to issues
Bevatel has developed many procedures for receiving reports of accidents and security problems with the Security and Protection team, including the following:-
Preserving the problem/incident
When interacting with any incident or issue facing Bevatel systems and applications, the security team will do the following:-
Info Gathering & Define Security Issues
Communicate with customers affected by the problem via email or mobile
Provide periodic updates according to the need of the issue or incident. And ensure that the issue is resolved appropriately to the clients.
Bevatel is committed to many technical methods to ensure that appropriate security controls are in place to protect and secure the Bevatel systems and application users.
Bevatel periodically reviews each user once a year.
Bevatel complies with all security and business continuity standards, including the type of access, the classification of data accessible to users, and the technical and legal controls necessary to protect data.
Bevatel has written and documented agreements with all its service providers. These agreements include a commitment to confidentiality, security, and privacy policies that provide the highest levels of protection and security for customer data used and processed through Bevatel's systems and applications.
End User Security
Bevatel takes all necessary measures and policies to maintain the protection and security of its systems and applications from end users.
All computers at Bevatel are centrally managed and fully encrypted.
End users cannot disable or block anti-virus and intrusion detection programs or control security measures and techniques.
Bevatel's technical team periodically pushes updates to users to ensure that all devices are running the latest version of Bevatel systems and applications.
Privacy & Data Maintenance
Bevatel takes strict and accurate procedures and policies to maintain the security and confidentiality of its customer's data.
Security, privacy, and compatibility
Bevatel systems and applications are compatible with the most flexible and secure cloud environment, relying on AWS for security, confidentiality, and customer data protection.