Security Overview
SBS TELECOM is committed to maintaining the highest standards of information security. This document provides an overview of our security practices, infrastructure controls, and compliance posture.
Infrastructure Security
- Production infrastructure hosted in ISO 27001 certified data centres
- Network segmentation and firewall controls between all system components
- Intrusion detection and prevention systems (IDS/IPS)
- DDoS mitigation at network and application layer
- Vulnerability scanning and patch management programme
Data Security
- All data in transit encrypted via TLS 1.2 minimum (TLS 1.3 preferred)
- Database encryption at rest
- Message content not retained beyond transmission (default 24 hours maximum)
- API keys hashed and never stored in plaintext
- Secure secret management via vault systems
Access Controls
- Role-based access control (RBAC) across all platform components
- Multi-factor authentication enforced for all privileged access
- Principle of least privilege applied to all system accounts
- Regular access reviews and deprovisioning process
Compliance
- UK GDPR and Data Protection Act 2018 compliant
- EU GDPR compliant data processing for EU client data
- UK data residency option available
- Regular third-party penetration testing
- Security incident response plan maintained and tested