Bambu has established information security policies and procedures that are SOC 2 certified. Policies and procedures are reviewed regularly to assess the effectiveness of our controls. Should you require an audit report, you can obtain one upon request under a non-disclosure agreement.
Security is embedded in all stages of the software development lifecycle (SDLC) at Bambu, from requirements to deployment, monitoring, and incident management.
Bambu always ensures our customers and regulators can execute their supervisory functions and have effective audit rights to Bambu’s business premises and processes.
Our Bambu BUILD customers will have a dedicated environment that provides greater control over the domain and increase the isolation required by financial regulators.
We apply principles of least privilege and need to know along with relevant access control processes, data protection mechanisms and regular awareness trainings to reduce the chances of data loss or leakage by internal or external threats.
Any processes or procedures implemented regarding data privacy within Bambu are inline with Singapore’s Personal Data Protection Act (PDPA).
If you receive an email from someone claiming to be an employee at Bambu but you are not sure of their legitimacy, please contact the team via our website at http://www.bambu.co or email us at firstname.lastname@example.org with details of the liaison. We will be able to verify the authenticity of the communication
Our control measures evolve around the NIST cybersecurity framework, which focuses on five main factors: identify, protect, detect, respond, and recover.
We continuously ensure that our platform complies with industry standards for cyber security, such as ISO/IEC 27001.
Our platform can offer authentication via LDAP and a two-step verification process, such as OTP. We integrate with the two-factor authentication (2FA) provider of the client’s choice. On top of that, our platform supports OAuth 2.0, Open ID, and SAML for SSO protocols.