Security is afforded the highest priority by ELCY. Comprehensive security measures have been implemented at every step of the transaction process to ensure the complete protection of user data and full client confidentiality.
Access to ELCYmbp is governed by a two-factor user authentication system. Granular levels of authorisation are available to clients to achieve separation and segregation of duties and ensure strong, auditable procedures.
Client data is encrypted both at rest and in transit.
ELCYmbp platform is built on the AWS PRIVATE cloud infrastructure. ELCY IT infrastructure uses the security capabilities and services of the Amazon Virtual Private Cloud that increases privacy and control for network access by isolating the VPC from all other networks by default.
The AWS platform regularly undergoes various audits and has been certified by third parties for SOC2 Type II, HIPAA, SSAE18 Type II, and ISAE 3402 Type 2 standards. It also complies with GDPR, European Union-U.S., and Swiss-U.S. Privacy Shield frameworks
In order to further protect client’s data, ELCY has achieved its own ISO27001 certification and fully complies with GDPR.
ELCY IT infrastructure makes use of a fully managed AWS Database which provides a High Availability solution.
As the AWS Database spans multiple regions, ELCY has built a complete Disaster Recovery solution with no loss of client data.
ELCY has implemented its own VPC using security groups and ACLs to maximize and monitor the security of its VPC, which has been tested by external security audits.
Data protection is provided using web application firewalls and DDoS protection.
Independent security audits and penetration tests are conducted on a regular basis.
Our Information Security Policy is available on request.