Data Security & Compliance Policy

Al-Bari Technologies – Salsabeel ERP

1. Purpose

This policy defines how Al-Bari Technologies protects customer data, ensures system security, and complies with applicable legal and regulatory standards while delivering ERP services.

2. Scope

This policy applies to:

  • All users of Salsabeel ERP
  • Employees, developers, and administrators
  • Third-party service providers
  • All data processed, stored, or transmitted through our systems

3. Data Protection Principles

We follow these core principles:

  • Data Minimization: Only required data is collected
  • Purpose Limitation: Data is used only for intended business operations
  • Access Control: Restricted access based on user roles
  • Integrity: Data must remain accurate and unaltered
  • Confidentiality: Unauthorized access is strictly prohibited

4. Security Measures

4.1 Authentication & Access Control

  • Role-Based Access Control (RBAC)
  • Strong password enforcement
  • Optional two-factor authentication (2FA)
  • Session timeout and login monitoring

4.2 Data Encryption

  • Data encrypted in transit using HTTPS (TLS 1.2+)
  • Sensitive data encrypted at rest in the database
  • Secure API communication protocols

4.3 Infrastructure Security

  • Secure cloud/server hosting environment
  • Firewall protection and intrusion detection
  • Regular server patching and updates

4.4 Application Security

  • Input validation and sanitization
  • Protection against SQL Injection, XSS, CSRF
  • Regular security testing and code review

5. Data Storage & Backup

  • Daily automated backups
  • Off-site or cloud backup redundancy
  • Disaster recovery plan in place
  • Data retention based on business and legal requirements

6. Compliance Standards

We aim to align with internationally recognized security practices, including:

  • General SaaS security best practices
  • ISO 27001-inspired controls (where applicable)
  • GDPR-style privacy principles (for global readiness)
  • Local data protection laws (Pakistan IT regulations where applicable)

7. User Responsibilities

Users must:

  • Keep login credentials confidential
  • Avoid sharing accounts
  • Report suspicious activity immediately
  • Use the system only for authorized business purposes

8. Third-Party Services

We may use trusted third-party providers (hosting, SMS, email, payment gateways).

  • All third parties are evaluated for security compliance
  • Data sharing is limited strictly to operational necessity

9. Incident Response

In case of a security breach:

  • Immediate system investigation is initiated
  • Affected users are notified if required
  • Access is restricted or suspended if necessary
  • Corrective actions are implemented immediately

10. Monitoring & Auditing

  • System logs are continuously monitored
  • Unauthorized access attempts are tracked
  • Periodic internal security audits are performed

11. Policy Updates

This policy may be updated periodically to reflect:

  • Security improvements
  • Legal or regulatory changes
  • System upgrades

Users will be notified of significant updates.

12. Contact

Salsabeel ERP by Al-Bari Technologies